[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 27 21:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e65f0bc2 by security tracker role at 2019-08-27T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,102 +1,194 @@
-CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
- - linux 5.2.6-1
- [jessie] - linux 3.16.72-1
- NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
-CVE-2019-15665
+CVE-2019-15712
RESERVED
-CVE-2019-15664
+CVE-2019-15711
RESERVED
-CVE-2019-15663
+CVE-2019-15710
RESERVED
-CVE-2019-15662
+CVE-2019-15709
RESERVED
-CVE-2019-15661
+CVE-2019-15708
RESERVED
-CVE-2019-15660
+CVE-2019-15707
RESERVED
-CVE-2019-15659
+CVE-2019-15706
RESERVED
-CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
+CVE-2019-15705
+ RESERVED
+CVE-2019-15704
+ RESERVED
+CVE-2019-15703
+ RESERVED
+CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
TODO: check
-CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...)
+CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
TODO: check
-CVE-2019-15656
+CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
+ TODO: check
+CVE-2019-15699
RESERVED
-CVE-2019-15655
+CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
+ TODO: check
+CVE-2019-15697
RESERVED
-CVE-2019-15654
+CVE-2019-15696
RESERVED
-CVE-2019-15653
+CVE-2019-15695
RESERVED
-CVE-2019-15652
+CVE-2019-15694
RESERVED
-CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
- - wolfssl <unfixed>
- NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
-CVE-2019-15650
+CVE-2019-15693
RESERVED
-CVE-2019-15649
+CVE-2019-15692
RESERVED
-CVE-2019-15648
+CVE-2019-15691
RESERVED
-CVE-2019-15647
+CVE-2019-15690
RESERVED
-CVE-2019-15646
+CVE-2019-15689
RESERVED
-CVE-2019-15645
+CVE-2019-15688
RESERVED
-CVE-2019-15644
+CVE-2019-15687
RESERVED
-CVE-2019-15643
+CVE-2019-15686
RESERVED
-CVE-2018-21006
+CVE-2019-15685
RESERVED
-CVE-2018-21005
+CVE-2019-15684
RESERVED
-CVE-2018-21004
+CVE-2019-15683
RESERVED
-CVE-2018-21003
+CVE-2019-15682
RESERVED
-CVE-2018-21002
+CVE-2019-15681
RESERVED
-CVE-2018-21001
+CVE-2019-15680
RESERVED
-CVE-2017-18592
+CVE-2019-15679
RESERVED
-CVE-2017-18591
+CVE-2019-15678
RESERVED
-CVE-2017-18590
+CVE-2019-15677
RESERVED
-CVE-2016-10936
+CVE-2019-15676
RESERVED
-CVE-2016-10935
+CVE-2019-15675
RESERVED
-CVE-2016-10934
+CVE-2019-15674
RESERVED
-CVE-2015-9352
+CVE-2019-15673
RESERVED
-CVE-2015-9351
+CVE-2019-15672
RESERVED
-CVE-2015-9350
+CVE-2019-15671
+ RESERVED
+CVE-2019-15670
+ RESERVED
+CVE-2019-15669
+ RESERVED
+CVE-2019-15668
+ RESERVED
+CVE-2019-15667
+ RESERVED
+CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
+ - linux 5.2.6-1
+ [jessie] - linux 3.16.72-1
+ NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
+CVE-2019-15665
RESERVED
-CVE-2015-9349
+CVE-2019-15664
RESERVED
-CVE-2015-9348
+CVE-2019-15663
RESERVED
-CVE-2015-9347
+CVE-2019-15662
RESERVED
-CVE-2015-9346
+CVE-2019-15661
RESERVED
-CVE-2015-9345
+CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...)
+ TODO: check
+CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
+ TODO: check
+CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...)
+ TODO: check
+CVE-2019-15656
RESERVED
-CVE-2015-9344
+CVE-2019-15655
RESERVED
-CVE-2015-9343
+CVE-2019-15654
RESERVED
-CVE-2015-9342
+CVE-2019-15653
RESERVED
-CVE-2014-10395
+CVE-2019-15652
RESERVED
+CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
+ - wolfssl <unfixed>
+ NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
+CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...)
+ TODO: check
+CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
+ TODO: check
+CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
+ TODO: check
+CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...)
+ TODO: check
+CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...)
+ TODO: check
+CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...)
+ TODO: check
+CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...)
+ TODO: check
+CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...)
+ TODO: check
+CVE-2017-18592 (The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has ...)
+ TODO: check
+CVE-2017-18591 (The gd-rating-system plugin before 2.1 for WordPress has XSS in log.ph ...)
+ TODO: check
+CVE-2017-18590 (The timesheet plugin before 0.1.5 for WordPress has multiple XSS issue ...)
+ TODO: check
+CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...)
+ TODO: check
+CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...)
+ TODO: check
+CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9352 (The wp-polls plugin before 2.72 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2015-9351 (The feed-them-social plugin before 1.7.0 for WordPress has possible sh ...)
+ TODO: check
+CVE-2015-9350 (The feed-them-social plugin before 1.7.0 for WordPress has reflected X ...)
+ TODO: check
+CVE-2015-9349 (The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has ref ...)
+ TODO: check
+CVE-2015-9348 (The sell-downloads plugin before 1.0.8 for WordPress has insufficient ...)
+ TODO: check
+CVE-2015-9347 (The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. ...)
+ TODO: check
+CVE-2015-9346 (The cp-polls plugin before 1.0.5 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9345 (The link-log plugin before 2.0 for WordPress has HTTP Response Splitti ...)
+ TODO: check
+CVE-2015-9344 (The link-log plugin before 2.1 for WordPress has SQL injection. ...)
+ TODO: check
+CVE-2015-9343 (The wp-rollback plugin before 1.2.3 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2015-9342 (The wp-rollback plugin before 1.2.3 for WordPress has XSS. ...)
+ TODO: check
+CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...)
+ TODO: check
CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...)
- webmin <removed>
CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...)
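Review bot: the long run of newly described WordPress plugin CVEs in this hunk (CVE-2019-15660 through CVE-2019-15643, CVE-2018-21006 through CVE-2018-21001, CVE-2017-18592 through CVE-2014-10395) is left at "TODO: check", while the existing convention in this same file for WordPress plugins is a NOT-FOR-US line naming the plugin (see "NOT-FOR-US: wp-payeezy-pay plugin for WordPress" in the next hunk); triage should resolve these consistently rather than leaving them pending. The non-WordPress additions that also need a packaging check are CVE-2019-15702 (RIOT gnrc_tcp), CVE-2019-15701 (BloodHound), CVE-2019-15700 (Frappe Framework) and CVE-2019-15698 (Octopus Deploy), plus CVE-2019-15658 (connect-pg-simple) and CVE-2019-15657 (eslint-utils), which are the only entries here likely to touch a Debian-packaged ecosystem. The re-added CVE-2019-15666 and CVE-2019-15651 blocks are unchanged moves caused by the inserted IDs and carry their existing fix data (linux 5.2.6-1 / 3.16.72-1, wolfssl <unfixed>) intact.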
@@ -827,7 +919,7 @@ CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folde
NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
NOT-FOR-US: Valve Steam Client for Windows
-CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS b ...)
+CVE-2018-20986 (The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) ...)
NOT-FOR-US: advanced-custom-fields plugin for WordPress
CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...)
NOT-FOR-US: wp-payeezy-pay plugin for WordPress
@@ -4308,8 +4400,8 @@ CVE-2019-14316
RESERVED
CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...)
NOT-FOR-US: SunHater KCFinder
-CVE-2019-14314
- RESERVED
+CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...)
+ TODO: check
CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
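Review bot: CVE-2019-14314 is now described as a SQL injection in the Imagely NextGEN Gallery plugin for WordPress but is left at "TODO: check", whereas the neighbouring CVE-2019-14313 (10Web Photo Gallery plugin) already carries "NOT-FOR-US: 10Web Photo Gallery plugin for WordPress"; unless NextGEN Gallery is packaged, the consistent resolution is a matching "NOT-FOR-US: Imagely NextGEN Gallery plugin for WordPress" line in place of the TODO.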
@@ -7272,22 +7364,19 @@ CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js
NOT-FOR-US: Trape
CVE-2019-13487
RESERVED
-CVE-2019-13486
- RESERVED
+CVE-2019-13486 (In Xymon through 4.3.28, a stack-based buffer overflow exists in the s ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
[stretch] - xymon <no-dsa> (Minor issue)
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13485
- RESERVED
+CVE-2019-13485 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
[stretch] - xymon <no-dsa> (Minor issue)
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13484
- RESERVED
+CVE-2019-13484 (In Xymon through 4.3.28, a buffer overflow exists in the status-log vi ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
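Review bot: CVE-2019-13486, CVE-2019-13485 and CVE-2019-13484 now read "stack-based buffer overflow" (and "buffer overflow ... status-log vi..."), while the pre-existing "[buster] - xymon <no-dsa> (Minor issue)" and "[stretch] - xymon <no-dsa> (Minor issue)" tags were recorded when the entries were still RESERVED; the Minor issue assessment should be confirmed against the published descriptions and the xymon.com advisory in the NOTE line, and the same check applies to the CVE-2019-13455, -13452, -13451, -13274 and -13273 hunks below. The {DLA-1898-1} reference and the "xymon 4.3.29-1" fix line are consistent across all of these entries.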
@@ -7366,8 +7455,7 @@ CVE-2019-13456
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x)
NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235
TODO: double check assessment and classification
-CVE-2019-13455
- RESERVED
+CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
@@ -7385,15 +7473,13 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z
[jessie] - zipios++ <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
-CVE-2019-13452
- RESERVED
+CVE-2019-13452 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in rep ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
[stretch] - xymon <no-dsa> (Minor issue)
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13451
- RESERVED
+CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in his ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
@@ -7841,15 +7927,13 @@ CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 co
NOT-FOR-US: TRENDnet
CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...)
NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
-CVE-2019-13274
- RESERVED
+CVE-2019-13274 (In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CG ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
[stretch] - xymon <no-dsa> (Minor issue)
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13273
- RESERVED
+CVE-2019-13273 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in the ...)
{DLA-1898-1}
- xymon 4.3.29-1
[buster] - xymon <no-dsa> (Minor issue)
@@ -7861,24 +7945,24 @@ CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1140671
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
-CVE-2019-13271
- RESERVED
-CVE-2019-13270
- RESERVED
-CVE-2019-13269
- RESERVED
-CVE-2019-13268
- RESERVED
-CVE-2019-13267
- RESERVED
-CVE-2019-13266
- RESERVED
-CVE-2019-13265
- RESERVED
-CVE-2019-13264
- RESERVED
-CVE-2019-13263
- RESERVED
+CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
+CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
+CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
+CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+ TODO: check
+CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+ TODO: check
+CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+ TODO: check
+CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
+CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
+CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+ TODO: check
CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
NOT-FOR-US: XnView
CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
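Review bot: the nine entries CVE-2019-13271 through CVE-2019-13263 describe vendor firmware on Edimax BR-6208AC, TP-Link Archer C3200/C2 and D-Link DIR-825AC consumer routers and are all left at "TODO: check"; the file's convention for such hardware, visible in this diff at "NOT-FOR-US: TRENDnet" and "NOT-FOR-US: Valve Steam Client for Windows", is a NOT-FOR-US line naming the vendor, so these should be closed out the same way (e.g. "NOT-FOR-US: Edimax", "NOT-FOR-US: TP-Link", "NOT-FOR-US: D-Link") rather than left pending.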
@@ -7935,14 +8019,14 @@ CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user pi
NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...)
NOT-FOR-US: Bento4
-CVE-2019-13237
- RESERVED
-CVE-2019-13236
- RESERVED
-CVE-2019-13235
- RESERVED
-CVE-2019-13234
- RESERVED
+CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...)
+ TODO: check
+CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...)
+ TODO: check
+CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
+ TODO: check
+CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
+ TODO: check
CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
{DLA-1846-1}
- unzip 6.0-24 (unimportant; bug #931433)
@@ -12738,8 +12822,8 @@ CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An un
- cakephp <not-affected> (Vulnerable code introduced in 3.0.0)
NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
NOTE: https://github.com/cakephp/cakephp/pull/13153
-CVE-2019-11457
- RESERVED
+CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...)
+ TODO: check
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
@@ -18706,7 +18790,7 @@ CVE-2019-9571
RESERVED
CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...)
NOT-FOR-US: YzmCMS
-CVE-2019-9569 (Buffer Overflow in dacterea in Delta Controls enteliBUS Manager V3.40_ ...)
+CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...)
TODO: check
CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...)
NOT-FOR-US: WordPress plugin forminator
@@ -49338,7 +49422,7 @@ CVE-2018-17559
CVE-2018-17558
RESERVED
CVE-2018-17557
- RESERVED
+ REJECTED
CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...)
NOT-FOR-US: MODX Revolution
CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote at ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f0bc253ade2bdb7ac5c04839114a8cca3c0ff