[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Aug 12 21:10:35 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec6e2ec by security tracker role at 2019-08-12T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,63 @@
-CVE-2019-14950
+CVE-2019-14974
 	RESERVED
-CVE-2019-14949
+CVE-2019-14973
 	RESERVED
-CVE-2019-14948
+CVE-2019-14972
 	RESERVED
-CVE-2019-14947
+CVE-2019-14971
 	RESERVED
-CVE-2019-14946
+CVE-2019-14970
 	RESERVED
-CVE-2019-14945
+CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...)
+	TODO: check
+CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...)
+	TODO: check
+CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and ...)
+	TODO: check
+CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
+	TODO: check
+CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
+	TODO: check
+CVE-2019-14964
+	RESERVED
+CVE-2019-14963
+	RESERVED
+CVE-2019-14962
+	RESERVED
+CVE-2019-14961
+	RESERVED
+CVE-2019-14960
+	RESERVED
+CVE-2019-14959
 	RESERVED
+CVE-2019-14958
+	RESERVED
+CVE-2019-14957
+	RESERVED
+CVE-2019-14956
+	RESERVED
+CVE-2019-14955
+	RESERVED
+CVE-2019-14954
+	RESERVED
+CVE-2019-14953
+	RESERVED
+CVE-2019-14952
+	RESERVED
+CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
+	TODO: check
+CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
+	TODO: check
+CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has XSS. ...)
+	TODO: check
+CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress has XSS ...)
+	TODO: check
+CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS during  ...)
+	TODO: check
+CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS related ...)
+	TODO: check
+CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...)
+	TODO: check
 CVE-2019-14944
 	RESERVED
 CVE-2019-14943
@@ -34,36 +82,36 @@ CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pa
 	TODO: check
 CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
 	TODO: check
-CVE-2019-14932
-	RESERVED
-CVE-2018-20966
-	RESERVED
-CVE-2018-20965
-	RESERVED
+CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203  ...)
+	TODO: check
+CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in t ...)
+	TODO: check
+CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...)
+	TODO: check
 CVE-2018-20964
 	RESERVED
 CVE-2018-20963
 	RESERVED
-CVE-2017-18508
-	RESERVED
+CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. ...)
+	TODO: check
 CVE-2017-18507
 	RESERVED
-CVE-2017-18506
-	RESERVED
-CVE-2017-18505
-	RESERVED
-CVE-2017-18504
-	RESERVED
-CVE-2017-18503
-	RESERVED
-CVE-2017-18502
-	RESERVED
-CVE-2017-18501
-	RESERVED
-CVE-2017-18500
-	RESERVED
-CVE-2017-18499
-	RESERVED
+CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for Wo ...)
+	TODO: check
+CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple XSS issu ...)
+	TODO: check
+CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has multiple XSS  ...)
+	TODO: check
+CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has multiple ...)
+	TODO: check
+CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has XSS. ...)
+	TODO: check
 CVE-2017-18498
 	RESERVED
 CVE-2017-18497
@@ -88,22 +136,22 @@ CVE-2017-18488
 	RESERVED
 CVE-2017-18487
 	RESERVED
-CVE-2016-10879
-	RESERVED
-CVE-2016-10878
-	RESERVED
-CVE-2016-10877
-	RESERVED
-CVE-2016-10876
-	RESERVED
-CVE-2016-10875
-	RESERVED
-CVE-2016-10874
-	RESERVED
-CVE-2016-10873
-	RESERVED
-CVE-2016-10872
-	RESERVED
+CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. ...)
+	TODO: check
+CVE-2016-10878 (The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. ...)
+	TODO: check
+CVE-2016-10877 (The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS iss ...)
+	TODO: check
+CVE-2016-10876 (The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2016-10875 (The wp-database-backup plugin before 4.3.1 for WordPress has XSS. ...)
+	TODO: check
+CVE-2016-10874 (The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2016-10873 (The wp-database-backup plugin before 4.3.3 for WordPress has XSS. ...)
+	TODO: check
+CVE-2016-10872 (The ultimate-member plugin before 1.3.40 for WordPress has XSS on the  ...)
+	TODO: check
 CVE-2016-10871
 	RESERVED
 CVE-2016-10870
@@ -116,14 +164,14 @@ CVE-2016-10867
 	RESERVED
 CVE-2016-10866
 	RESERVED
-CVE-2015-9306
-	RESERVED
-CVE-2015-9305
-	RESERVED
-CVE-2015-9304
-	RESERVED
-CVE-2015-9303
-	RESERVED
+CVE-2015-9306 (The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS ...)
+	TODO: check
+CVE-2015-9305 (The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS rel ...)
+	TODO: check
+CVE-2015-9304 (The ultimate-member plugin before 1.3.18 for WordPress has XSS via tex ...)
+	TODO: check
+CVE-2015-9303 (The simple-share-buttons-adder plugin before 6.0.0 for WordPress has X ...)
+	TODO: check
 CVE-2015-9302
 	RESERVED
 CVE-2015-9301
@@ -2442,25 +2490,27 @@ CVE-2019-14237
 CVE-2019-14236
 	RESERVED
 CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
+	{DSA-4498-1}
 	- python-django 2:2.2.4-1 (bug #934026)
 	[jessie] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
 	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
 CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
+	{DSA-4498-1}
 	- python-django 2:2.2.4-1 (bug #934026)
 	[jessie] - python-django <not-affected> (Vulnerable code not present)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
 	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
 CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
-	{DLA-1872-1}
+	{DSA-4498-1 DLA-1872-1}
 	- python-django 2:2.2.4-1 (bug #934026)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
 	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
 CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before  ...)
-	{DLA-1872-1}
+	{DSA-4498-1 DLA-1872-1}
 	- python-django 2:2.2.4-1 (bug #934026)
 	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
 	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
@@ -5174,8 +5224,8 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
 	TODO: check
 CVE-2019-13463
 	RESERVED
-CVE-2019-13462
-	RESERVED
+CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
+	TODO: check
 CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
 	NOT-FOR-US: PrestaShop
 CVE-2019-13460
@@ -7413,8 +7463,8 @@ CVE-2019-12620
 	RESERVED
 CVE-2019-12619
 	RESERVED
-CVE-2019-12618
-	RESERVED
+CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
+	TODO: check
 CVE-2019-12617
 	RESERVED
 CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
@@ -13619,6 +13669,7 @@ CVE-2019-10217
 	NOTE: https://github.com/ansible/ansible/pull/59427
 CVE-2019-10216 [-dSAFER escape via .buildfont1]
 	RESERVED
+	{DSA-4499-1}
 	- ghostscript <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec6e2ec3441549e07c08792b9436db85a6ba2ee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec6e2ec3441549e07c08792b9436db85a6ba2ee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190812/562110b1/attachment.html>

More information about the debian-security-tracker-commits mailing list