[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Aug 27 21:10:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e65f0bc2 by security tracker role at 2019-08-27T20:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,102 +1,194 @@
-CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
-	- linux 5.2.6-1
-	[jessie] - linux 3.16.72-1
-	NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
-CVE-2019-15665
+CVE-2019-15712
 	RESERVED
-CVE-2019-15664
+CVE-2019-15711
 	RESERVED
-CVE-2019-15663
+CVE-2019-15710
 	RESERVED
-CVE-2019-15662
+CVE-2019-15709
 	RESERVED
-CVE-2019-15661
+CVE-2019-15708
 	RESERVED
-CVE-2019-15660
+CVE-2019-15707
 	RESERVED
-CVE-2019-15659
+CVE-2019-15706
 	RESERVED
-CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
+CVE-2019-15705
+	RESERVED
+CVE-2019-15704
+	RESERVED
+CVE-2019-15703
+	RESERVED
+CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
 	TODO: check
-CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
+CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
 	TODO: check
-CVE-2019-15656
+CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
+	TODO: check
+CVE-2019-15699
 	RESERVED
-CVE-2019-15655
+CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
+	TODO: check
+CVE-2019-15697
 	RESERVED
-CVE-2019-15654
+CVE-2019-15696
 	RESERVED
-CVE-2019-15653
+CVE-2019-15695
 	RESERVED
-CVE-2019-15652
+CVE-2019-15694
 	RESERVED
-CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
-	- wolfssl <unfixed>
-	NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
-CVE-2019-15650
+CVE-2019-15693
 	RESERVED
-CVE-2019-15649
+CVE-2019-15692
 	RESERVED
-CVE-2019-15648
+CVE-2019-15691
 	RESERVED
-CVE-2019-15647
+CVE-2019-15690
 	RESERVED
-CVE-2019-15646
+CVE-2019-15689
 	RESERVED
-CVE-2019-15645
+CVE-2019-15688
 	RESERVED
-CVE-2019-15644
+CVE-2019-15687
 	RESERVED
-CVE-2019-15643
+CVE-2019-15686
 	RESERVED
-CVE-2018-21006
+CVE-2019-15685
 	RESERVED
-CVE-2018-21005
+CVE-2019-15684
 	RESERVED
-CVE-2018-21004
+CVE-2019-15683
 	RESERVED
-CVE-2018-21003
+CVE-2019-15682
 	RESERVED
-CVE-2018-21002
+CVE-2019-15681
 	RESERVED
-CVE-2018-21001
+CVE-2019-15680
 	RESERVED
-CVE-2017-18592
+CVE-2019-15679
 	RESERVED
-CVE-2017-18591
+CVE-2019-15678
 	RESERVED
-CVE-2017-18590
+CVE-2019-15677
 	RESERVED
-CVE-2016-10936
+CVE-2019-15676
 	RESERVED
-CVE-2016-10935
+CVE-2019-15675
 	RESERVED
-CVE-2016-10934
+CVE-2019-15674
 	RESERVED
-CVE-2015-9352
+CVE-2019-15673
 	RESERVED
-CVE-2015-9351
+CVE-2019-15672
 	RESERVED
-CVE-2015-9350
+CVE-2019-15671
+	RESERVED
+CVE-2019-15670
+	RESERVED
+CVE-2019-15669
+	RESERVED
+CVE-2019-15668
+	RESERVED
+CVE-2019-15667
+	RESERVED
+CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...)
+	- linux 5.2.6-1
+	[jessie] - linux 3.16.72-1
+	NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
+CVE-2019-15665
 	RESERVED
-CVE-2015-9349
+CVE-2019-15664
 	RESERVED
-CVE-2015-9348
+CVE-2019-15663
 	RESERVED
-CVE-2015-9347
+CVE-2019-15662
 	RESERVED
-CVE-2015-9346
+CVE-2019-15661
 	RESERVED
-CVE-2015-9345
+CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection,  ...)
+	TODO: check
+CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
+	TODO: check
+CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
+	TODO: check
+CVE-2019-15656
 	RESERVED
-CVE-2015-9344
+CVE-2019-15655
 	RESERVED
-CVE-2015-9343
+CVE-2019-15654
 	RESERVED
-CVE-2015-9342
+CVE-2019-15653
 	RESERVED
-CVE-2014-10395
+CVE-2019-15652
 	RESERVED
+CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
+	- wolfssl <unfixed>
+	NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
+CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...)
+	TODO: check
+CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
+	TODO: check
+CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
+	TODO: check
+CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...)
+	TODO: check
+CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...)
+	TODO: check
+CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...)
+	TODO: check
+CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...)
+	TODO: check
+CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18592 (The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has  ...)
+	TODO: check
+CVE-2017-18591 (The gd-rating-system plugin before 2.1 for WordPress has XSS in log.ph ...)
+	TODO: check
+CVE-2017-18590 (The timesheet plugin before 0.1.5 for WordPress has multiple XSS issue ...)
+	TODO: check
+CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...)
+	TODO: check
+CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...)
+	TODO: check
+CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...)
+	TODO: check
+CVE-2015-9352 (The wp-polls plugin before 2.72 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2015-9351 (The feed-them-social plugin before 1.7.0 for WordPress has possible sh ...)
+	TODO: check
+CVE-2015-9350 (The feed-them-social plugin before 1.7.0 for WordPress has reflected X ...)
+	TODO: check
+CVE-2015-9349 (The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has ref ...)
+	TODO: check
+CVE-2015-9348 (The sell-downloads plugin before 1.0.8 for WordPress has insufficient  ...)
+	TODO: check
+CVE-2015-9347 (The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. ...)
+	TODO: check
+CVE-2015-9346 (The cp-polls plugin before 1.0.5 for WordPress has XSS. ...)
+	TODO: check
+CVE-2015-9345 (The link-log plugin before 2.0 for WordPress has HTTP Response Splitti ...)
+	TODO: check
+CVE-2015-9344 (The link-log plugin before 2.1 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2015-9343 (The wp-rollback plugin before 1.2.3 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2015-9342 (The wp-rollback plugin before 1.2.3 for WordPress has XSS. ...)
+	TODO: check
+CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...)
+	TODO: check
 CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...)
 	- webmin <removed>
 CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...)
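Review bot: the WordPress plugin entries in this hunk (CVE-2019-15660, CVE-2019-15659, CVE-2019-15650 through CVE-2019-15643, and the older block from CVE-2018-21006 down to CVE-2014-10395) are all left at "TODO: check" and need a triage pass. Elsewhere in this file such entries are recorded as "NOT-FOR-US: <name> plugin for WordPress" (see CVE-2018-20986), so they can be closed in bulk. CVE-2019-15658 and CVE-2019-15657 were already "TODO: check" before this update and are carried over still untriaged; CVE-2019-15666 and CVE-2019-15651 only move position and keep their annotations.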
@@ -827,7 +919,7 @@ CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folde
 	NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
 	NOT-FOR-US: Valve Steam Client for Windows
-CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS b ...)
+CVE-2018-20986 (The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields)  ...)
 	NOT-FOR-US: advanced-custom-fields plugin for WordPress
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...)
 	NOT-FOR-US: wp-payeezy-pay plugin for WordPress
@@ -4308,8 +4400,8 @@ CVE-2019-14316
 	RESERVED
 CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...)
 	NOT-FOR-US: SunHater KCFinder
-CVE-2019-14314
-	RESERVED
+CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...)
+	TODO: check
 CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
 	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
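Review bot: CVE-2019-14314 needs a triage decision now that it is no longer RESERVED. Its description is cut off at "NextGEN Gallery pl ..."; if the full text confirms a WordPress plugin, annotate it the way the next entry, CVE-2019-14313, is annotated ("NOT-FOR-US: 10Web Photo Gallery plugin for WordPress") rather than leaving "TODO: check".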
@@ -7272,22 +7364,19 @@ CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js
 	NOT-FOR-US: Trape
 CVE-2019-13487
 	RESERVED
-CVE-2019-13486
-	RESERVED
+CVE-2019-13486 (In Xymon through 4.3.28, a stack-based buffer overflow exists in the s ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13485
-	RESERVED
+CVE-2019-13485 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13484
-	RESERVED
+CVE-2019-13484 (In Xymon through 4.3.28, a buffer overflow exists in the status-log vi ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
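Review bot: on CVE-2019-13486, CVE-2019-13485 and CVE-2019-13484 the "<no-dsa> (Minor issue)" lines were written while the entries were still RESERVED, and the descriptions published here name stack-based and plain buffer overflows. Worth re-confirming the minor-issue assessment against the published text and, if it holds, recording the reason in a NOTE line. The fixed version 4.3.29-1 is consistent with "through 4.3.28". The same applies to the other DLA-1898-1 Xymon entries further down in this diff.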
@@ -7366,8 +7455,7 @@ CVE-2019-13456
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x)
 	NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235
 	TODO: double check assessment and classification
-CVE-2019-13455
-	RESERVED
+CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
@@ -7385,15 +7473,13 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z
 	[jessie] - zipios++ <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
 	NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
-CVE-2019-13452
-	RESERVED
+CVE-2019-13452 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in rep ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13451
-	RESERVED
+CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in his ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
@@ -7841,15 +7927,13 @@ CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 co
 	NOT-FOR-US: TRENDnet
 CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before  ...)
 	NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
-CVE-2019-13274
-	RESERVED
+CVE-2019-13274 (In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CG ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
 	[stretch] - xymon <no-dsa> (Minor issue)
 	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
-CVE-2019-13273
-	RESERVED
+CVE-2019-13273 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in the ...)
 	{DLA-1898-1}
 	- xymon 4.3.29-1
 	[buster] - xymon <no-dsa> (Minor issue)
@@ -7861,24 +7945,24 @@ CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1140671
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
 	NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
-CVE-2019-13271
-	RESERVED
-CVE-2019-13270
-	RESERVED
-CVE-2019-13269
-	RESERVED
-CVE-2019-13268
-	RESERVED
-CVE-2019-13267
-	RESERVED
-CVE-2019-13266
-	RESERVED
-CVE-2019-13265
-	RESERVED
-CVE-2019-13264
-	RESERVED
-CVE-2019-13263
-	RESERVED
+CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
+CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
+CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
+CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+	TODO: check
+CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+	TODO: check
+CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
+	TODO: check
+CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
+CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
+CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
+	TODO: check
 CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
 	NOT-FOR-US: XnView
 CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
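Review bot: the nine router entries CVE-2019-13271 through CVE-2019-13263 (Edimax BR-6208AC, TP-Link Archer C3200 and Archer C2, D-link DIR-825AC) are left at "TODO: check". Device-firmware issues are recorded in this file as "NOT-FOR-US: <vendor>", as with the TRENDnet entry earlier in this diff, so these can be closed out the same way in a follow-up.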
@@ -7935,14 +8019,14 @@ CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user pi
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...)
 	NOT-FOR-US: Bento4
-CVE-2019-13237
-	RESERVED
-CVE-2019-13236
-	RESERVED
-CVE-2019-13235
-	RESERVED
-CVE-2019-13234
-	RESERVED
+CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...)
+	TODO: check
+CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...)
+	TODO: check
+CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
+	TODO: check
+CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
+	TODO: check
 CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
 	{DLA-1846-1}
 	- unzip 6.0-24 (unimportant; bug #931433)
@@ -12738,8 +12822,8 @@ CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An un
 	- cakephp <not-affected> (Vulnerable code introduced in 3.0.0)
 	NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
 	NOTE: https://github.com/cakephp/cakephp/pull/13153
-CVE-2019-11457
-	RESERVED
+CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...)
+	TODO: check
 CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
 	NOT-FOR-US: Gila CMS
 CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
@@ -18706,7 +18790,7 @@ CVE-2019-9571
 	RESERVED
 CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...)
 	NOT-FOR-US: YzmCMS
-CVE-2019-9569 (Buffer Overflow in dacterea in Delta Controls enteliBUS Manager V3.40_ ...)
+CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...)
 	TODO: check
 CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...)
 	NOT-FOR-US: WordPress plugin forminator
@@ -49338,7 +49422,7 @@ CVE-2018-17559
 CVE-2018-17558
 	RESERVED
 CVE-2018-17557
-	RESERVED
+	REJECTED
 CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote at ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f0bc253ade2bdb7ac5c04839114a8cca3c0ff
