[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 14 21:10:57 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fb92ed3 by security tracker role at 2019-08-14T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,82 +1,126 @@
-CVE-2019-15033
-	RESERVED
-CVE-2019-15032
-	RESERVED
-CVE-2019-15031
-	RESERVED
-CVE-2019-15030
-	RESERVED
-CVE-2019-15029
-	RESERVED
-CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
-	NOT-FOR-US: Joomla!
-CVE-2019-15027
-	RESERVED
-CVE-2019-15026
-	RESERVED
-CVE-2019-15025
-	RESERVED
-CVE-2018-20968
+CVE-2019-15055
 	RESERVED
-CVE-2018-20967
+CVE-2019-15054
 	RESERVED
-CVE-2017-18515
-	RESERVED
-CVE-2017-18514
-	RESERVED
-CVE-2017-18513
-	RESERVED
-CVE-2017-18512
-	RESERVED
-CVE-2017-18511
-	RESERVED
-CVE-2017-18510
-	RESERVED
-CVE-2016-10889
+CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
+	TODO: check
+CVE-2019-15052
 	RESERVED
-CVE-2016-10888
+CVE-2019-15051
 	RESERVED
-CVE-2016-10887
+CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-15048 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
+	TODO: check
+CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthentica ...)
+	TODO: check
+CVE-2019-15045
 	RESERVED
-CVE-2016-10886
+CVE-2019-15044
 	RESERVED
-CVE-2016-10885
+CVE-2019-15043
 	RESERVED
-CVE-2016-10884
+CVE-2019-15042
 	RESERVED
-CVE-2016-10883
+CVE-2019-15041
 	RESERVED
-CVE-2016-10882
+CVE-2019-15040
 	RESERVED
-CVE-2016-10881
+CVE-2019-15039
 	RESERVED
-CVE-2016-10880
+CVE-2019-15038
 	RESERVED
-CVE-2015-9316
+CVE-2019-15037
 	RESERVED
-CVE-2015-9315
+CVE-2019-15036
 	RESERVED
-CVE-2015-9314
+CVE-2019-15035
 	RESERVED
-CVE-2015-9313
+CVE-2019-15034
 	RESERVED
-CVE-2015-9312
+CVE-2019-15033
 	RESERVED
-CVE-2015-9311
+CVE-2019-15032
 	RESERVED
-CVE-2015-9310
+CVE-2019-15031
 	RESERVED
-CVE-2015-9309
+CVE-2019-15030
 	RESERVED
-CVE-2015-9308
+CVE-2019-15029
 	RESERVED
-CVE-2015-9307
+CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
+	NOT-FOR-US: Joomla!
+CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on  ...)
+	TODO: check
+CVE-2019-15026
 	RESERVED
+CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
+	TODO: check
+CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...)
+	TODO: check
+CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...)
+	TODO: check
+CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...)
+	TODO: check
+CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...)
+	TODO: check
+CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...)
+	TODO: check
+CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...)
+	TODO: check
+CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...)
+	TODO: check
+CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...)
+	TODO: check
+CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...)
+	TODO: check
+CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...)
+	TODO: check
+CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...)
+	TODO: check
+CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...)
+	TODO: check
+CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...)
+	TODO: check
+CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...)
+	TODO: check
+CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...)
+	TODO: check
+CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...)
+	TODO: check
+CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to  ...)
+	TODO: check
+CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...)
+	TODO: check
+CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to  ...)
+	TODO: check
+CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...)
+	TODO: check
+CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...)
+	TODO: check
+CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
+	TODO: check
+CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
+	TODO: check
+CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
+	TODO: check
 CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
 	- libexosip2 <unfixed> (bug #934766)
 	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
-CVE-2013-7476
-	RESERVED
+CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
+	TODO: check
 CVE-2019-15024
 	RESERVED
 CVE-2019-15023
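Review bot: the added entries from CVE-2018-20968 down to CVE-2015-9307, together with CVE-2019-15025 and CVE-2013-7476, are all WordPress plugin issues left at `TODO: check`, so they are best triaged as one batch in a follow-up commit. Any plugin that is not packaged can be closed in the same form as `NOT-FOR-US: Joomla!` under CVE-2019-15028 in this hunk. Separately, the four Bento4 1.5.1.0 entries (CVE-2019-15047 through CVE-2019-15050) have identical truncated descriptions here, so the full descriptions are needed to tell them apart before any of them gets a note.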
@@ -180,10 +224,10 @@ CVE-2019-14977
 	RESERVED
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
 	NOT-FOR-US: idreamsoft iCMS
-CVE-2019-14975
-	RESERVED
-CVE-2019-14974
-	RESERVED
+CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
+	TODO: check
+CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
+	TODO: check
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
 	- tiff 4.0.10+git190814-1 (bug #934780)
 	- tiff3 <removed>
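Review bot: CVE-2019-14975 names a specific upstream fix boundary ("Artifex MuPDF before 1.16.0") but is left at `TODO: check`. If MuPDF is in the archive, the entry needs a source-package line in the form used for CVE-2019-14973 just below it (`- tiff 4.0.10+git190814-1 (bug #934780)`) rather than a NOT-FOR-US tag. CVE-2019-14974 (SugarCRM Enterprise 9.0.0) should be checked separately, since it concerns a different product.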
@@ -10204,8 +10248,8 @@ CVE-2019-11654
 	RESERVED
 CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions  ...)
 	NOT-FOR-US: Micro Focus
-CVE-2019-11652
-	RESERVED
+CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...)
+	TODO: check
 CVE-2019-11651
 	RESERVED
 CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
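Review bot: CVE-2019-11652 is left at `TODO: check` although its description names Micro Focus and the entry directly above it, CVE-2019-11653, is already tagged `NOT-FOR-US: Micro Focus`. Unless the full description points at something packaged, the same tag applies here.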
@@ -13948,13 +13992,13 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: Denial of service via crafte
 	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
 CVE-2019-10202
 	RESERVED
-CVE-2019-10201
-	RESERVED
+CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
+	TODO: check
 CVE-2019-10200
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2019-10199
-	RESERVED
+CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did not per ...)
+	TODO: check
 CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
 	- foreman <itp> (bug #663101)
 CVE-2019-10197
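Review bot: CVE-2019-10201 and CVE-2019-10199 both name Keycloak with the same upper bound (6.0.1) and both sit at `TODO: check`, so they should be resolved together with one consistent note. If there is an open packaging request, the foreman entry below shows the form to use (`- foreman <itp> (bug #663101)`); otherwise a NOT-FOR-US tag for both.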
@@ -16835,8 +16879,8 @@ CVE-2019-9508
 	RESERVED
 CVE-2019-9507
 	RESERVED
-CVE-2019-9506
-	RESERVED
+CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...)
+	TODO: check
 CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and includi ...)
 	NOT-FOR-US: PrinterLogic Print Management
 CVE-2019-9504
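Review bot: CVE-2019-9506 is described as a flaw in "The Bluetooth BR/EDR specification up to and including version 5.1", not in a single product, so the `TODO: check` here cannot be closed with a one-line NOT-FOR-US like the PrinterLogic entry below it. Triage needs to list each implementation in the archive that follows the specification and give it its own package line.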
@@ -20409,8 +20453,8 @@ CVE-2019-8064
 	RESERVED
 CVE-2019-8063
 	RESERVED
-CVE-2019-8062
-	RESERVED
+CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
+	TODO: check
 CVE-2019-8061
 	RESERVED
 CVE-2019-8060
@@ -20611,8 +20655,8 @@ CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of
 	NOT-FOR-US: Adobe Bridge CC
 CVE-2019-7962
 	RESERVED
-CVE-2019-7961
-	RESERVED
+CVE-2019-7961 (Adobe Prelude CC versions 8.1 and earlier have an insecure library loa ...)
+	TODO: check
 CVE-2019-7960
 	RESERVED
 CVE-2019-7959
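Review bot: CVE-2019-7961 (Adobe Prelude CC) is left at `TODO: check` while CVE-2019-7963 at the top of this hunk already carries `NOT-FOR-US: Adobe Bridge CC`. The same form fits here and for the other Adobe entries added in the neighbouring hunks (CVE-2019-8062, CVE-2019-7931, CVE-2019-7870), which can be closed in one follow-up commit.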
@@ -20671,8 +20715,8 @@ CVE-2019-7933
 	RESERVED
 CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open Source pr ...)
 	NOT-FOR-US: Magento
-CVE-2019-7931
-	RESERVED
+CVE-2019-7931 (Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure lib ...)
+	TODO: check
 CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18 ...)
 	NOT-FOR-US: Magento
 CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
@@ -20793,8 +20837,8 @@ CVE-2019-7872 (An insecure direct object reference (IDOR) vulnerability exists i
 	NOT-FOR-US: Magento
 CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 p ...)
 	NOT-FOR-US: Magento
-CVE-2019-7870
-	RESERVED
+CVE-2019-7870 (Adobe Character Animator versions 2.1 and earlier have an insecure lib ...)
+	TODO: check
 CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
 	NOT-FOR-US: Magento
 CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin panel  ...)
@@ -30226,7 +30270,7 @@ CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hard
 	NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a  ...)
 	NOT-FOR-US: Arlo Basestation firmware
-CVE-2019-3948 (The Amcrest IP2M-841B IP camera firmware version V2.520.AC00.18.R does ...)
+CVE-2019-3948 (The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000 ...)
 	NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
 CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in  ...)
 	NOT-FOR-US: Fuji Electric V-Server
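Review bot: the note under CVE-2019-3948 still reads `NOT-FOR-US: Amcrest IP2M-841B IP camera firmware`, but the updated description now also names "Dahua IPC-XXBXX V2.622.0000000" and is truncated after that. The note should be re-checked against the full description and widened so it covers every product the entry now lists.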
@@ -31124,16 +31168,16 @@ CVE-2019-3641
 	RESERVED
 CVE-2019-3640
 	RESERVED
-CVE-2019-3639
-	RESERVED
+CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
+	TODO: check
 CVE-2019-3638
 	RESERVED
-CVE-2019-3637
-	RESERVED
+CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...)
+	TODO: check
 CVE-2019-3636
 	RESERVED
-CVE-2019-3635
-	RESERVED
+CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
+	TODO: check
 CVE-2019-3634
 	RESERVED
 CVE-2019-3633
@@ -41318,48 +41362,48 @@ CVE-2019-0353
 	RESERVED
 CVE-2019-0352
 	RESERVED
-CVE-2019-0351
-	RESERVED
+CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
+	TODO: check
 CVE-2019-0350
 	RESERVED
-CVE-2019-0349
-	RESERVED
-CVE-2019-0348
-	RESERVED
+CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
+	TODO: check
+CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
+	TODO: check
 CVE-2019-0347
 	RESERVED
-CVE-2019-0346
-	RESERVED
-CVE-2019-0345
-	RESERVED
-CVE-2019-0344
-	RESERVED
-CVE-2019-0343
-	RESERVED
+CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...)
+	TODO: check
+CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...)
+	TODO: check
+CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc  ...)
+	TODO: check
+CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...)
+	TODO: check
 CVE-2019-0342
 	RESERVED
-CVE-2019-0341
-	RESERVED
-CVE-2019-0340
-	RESERVED
+CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...)
+	TODO: check
+CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version  ...)
+	TODO: check
 CVE-2019-0339
 	RESERVED
-CVE-2019-0338
-	RESERVED
-CVE-2019-0337
-	RESERVED
+CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752,  ...)
+	TODO: check
+CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...)
+	TODO: check
 CVE-2019-0336
 	RESERVED
-CVE-2019-0335
-	RESERVED
-CVE-2019-0334
-	RESERVED
-CVE-2019-0333
-	RESERVED
-CVE-2019-0332
-	RESERVED
-CVE-2019-0331
-	RESERVED
+CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
+	TODO: check
+CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...)
+	TODO: check
+CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...)
+	TODO: check
+CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...)
+	TODO: check
+CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
+	TODO: check
 CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
 	NOT-FOR-US: SAP
 CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)
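Review bot: every entry added in this hunk, CVE-2019-0351 through CVE-2019-0331, describes an SAP product and is left at `TODO: check`, while the existing entry just below (CVE-2019-0330) is tagged `NOT-FOR-US: SAP`. These can be closed with the same tag in a single follow-up commit instead of being worked through one at a time.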



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fb92ed3a694ad8a47f1e6b0191aeeda52f89930
