[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Aug 28 21:10:40 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3bc5be41 by security tracker role at 2019-08-28T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,71 +1,145 @@
-CVE-2019-15714
+CVE-2019-15751
 	RESERVED
-CVE-2019-15713
+CVE-2019-15750
 	RESERVED
-CVE-2017-18593
+CVE-2019-15749
 	RESERVED
-CVE-2015-9379
+CVE-2019-15748
 	RESERVED
-CVE-2015-9378
+CVE-2019-15747
 	RESERVED
-CVE-2015-9377
+CVE-2019-15746
 	RESERVED
-CVE-2015-9376
+CVE-2019-15745
 	RESERVED
-CVE-2015-9375
+CVE-2019-15744
 	RESERVED
-CVE-2015-9374
+CVE-2019-15743
 	RESERVED
-CVE-2015-9373
+CVE-2019-15742
 	RESERVED
-CVE-2015-9372
+CVE-2019-15741
 	RESERVED
-CVE-2015-9371
+CVE-2019-15740
 	RESERVED
-CVE-2015-9370
+CVE-2019-15739
 	RESERVED
-CVE-2015-9369
+CVE-2019-15738
 	RESERVED
-CVE-2015-9368
+CVE-2019-15737
 	RESERVED
-CVE-2015-9367
+CVE-2019-15736
 	RESERVED
-CVE-2015-9366
+CVE-2019-15735
 	RESERVED
-CVE-2015-9365
+CVE-2019-15734
 	RESERVED
-CVE-2015-9364
+CVE-2019-15733
 	RESERVED
-CVE-2015-9363
+CVE-2019-15732
 	RESERVED
-CVE-2015-9362
+CVE-2019-15731
 	RESERVED
-CVE-2015-9361
+CVE-2019-15730
 	RESERVED
-CVE-2015-9360
+CVE-2019-15729
 	RESERVED
-CVE-2015-9359
+CVE-2019-15728
 	RESERVED
-CVE-2015-9358
+CVE-2019-15727
 	RESERVED
-CVE-2015-9357
+CVE-2019-15726
 	RESERVED
-CVE-2015-9356
+CVE-2019-15725
 	RESERVED
-CVE-2015-9355
+CVE-2019-15724
 	RESERVED
-CVE-2015-9354
+CVE-2019-15723
 	RESERVED
-CVE-2015-9353
+CVE-2019-15722
 	RESERVED
-CVE-2012-6719
+CVE-2019-15721
 	RESERVED
-CVE-2012-6718
+CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
+	TODO: check
+CVE-2019-15719
+	RESERVED
+CVE-2019-15718
 	RESERVED
-CVE-2012-6717
+CVE-2019-15717
 	RESERVED
-CVE-2011-5329
+CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
+	TODO: check
+CVE-2019-15715
 	RESERVED
+CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \  ...)
+	TODO: check
+CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
+	TODO: check
+CVE-2017-18593 (The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cas ...)
+	TODO: check
+CVE-2015-9379 (iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via a ...)
+	TODO: check
+CVE-2015-9378 (iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via a ...)
+	TODO: check
+CVE-2015-9377 (iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via ad ...)
+	TODO: check
+CVE-2015-9376 (iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg()  ...)
+	TODO: check
+CVE-2015-9375 (Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordP ...)
+	TODO: check
+CVE-2015-9374 (Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS  ...)
+	TODO: check
+CVE-2015-9373 (PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has  ...)
+	TODO: check
+CVE-2015-9372 (Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has  ...)
+	TODO: check
+CVE-2015-9371 (Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPres ...)
+	TODO: check
+CVE-2015-9370 (Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XS ...)
+	TODO: check
+CVE-2015-9369 (Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordP ...)
+	TODO: check
+CVE-2015-9368 (Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2 ...)
+	TODO: check
+CVE-2015-9367 (Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for ...)
+	TODO: check
+CVE-2015-9366 (Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordP ...)
+	TODO: check
+CVE-2015-9365 (Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress h ...)
+	TODO: check
+CVE-2015-9364 (2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has X ...)
+	TODO: check
+CVE-2015-9363 (iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg ...)
+	TODO: check
+CVE-2015-9362 (The Post Connector plugin before 1.0.4 for WordPress has XSS via add_q ...)
+	TODO: check
+CVE-2015-9361 (The Related Posts plugin before 1.8.2 for WordPress has XSS via add_qu ...)
+	TODO: check
+CVE-2015-9360 (The updraftplus plugin before 1.9.64 for WordPress has XSS via add_que ...)
+	TODO: check
+CVE-2015-9359 (The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_ar ...)
+	TODO: check
+CVE-2015-9358 (The feedwordpress plugin before 2015.0514 for WordPress has XSS via ad ...)
+	TODO: check
+CVE-2015-9357 (The akismet plugin before 3.1.5 for WordPress has XSS. ...)
+	TODO: check
+CVE-2015-9356 (The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_quer ...)
+	TODO: check
+CVE-2015-9355 (The two-factor-authentication plugin before 1.1.10 for WordPress has X ...)
+	TODO: check
+CVE-2015-9354 (The gigpress plugin before 2.3.11 for WordPress has XSS. ...)
+	TODO: check
+CVE-2015-9353 (The gigpress plugin before 2.3.11 for WordPress has SQL injection in t ...)
+	TODO: check
+CVE-2012-6719 (The sharebar plugin before 1.2.2 for WordPress has SQL injection. ...)
+	TODO: check
+CVE-2012-6718 (The sharebar plugin before 1.2.2 for WordPress has XSS, a different is ...)
+	TODO: check
+CVE-2012-6717 (The redirection plugin before 2.2.12 for WordPress has XSS, a differen ...)
+	TODO: check
+CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...)
+	TODO: check
 CVE-2019-15712
 	RESERVED
 CVE-2019-15711
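Review bot: this hunk leaves 36 entries at "TODO: check" that still need manual triage; all but three (CVE-2019-15720 CloudBerry Backup, CVE-2019-15716 WTF, CVE-2019-15714 Entropic) describe WordPress plugin or theme issues, mostly XSS via add_query_arg(), so they can be triaged as one batch rather than one by one. The removed lines at the top of the hunk (CVE-2019-15714, CVE-2019-15713, CVE-2017-18593, CVE-2015-9379 through CVE-2015-9353, CVE-2012-6719 through CVE-2012-6717, CVE-2011-5329) are only diff noise from the new ids being inserted above them; each reappears further down with its description.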
@@ -589,8 +663,8 @@ CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allo
 	NOT-FOR-US: Vera Edge Home Controller
 CVE-2019-15497 (Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box  ...)
 	TODO: check
-CVE-2019-15496
-	RESERVED
+CVE-2019-15496 (MyT Project Management 1.5.1 lacks CSRF protection and, for example, a ...)
+	TODO: check
 CVE-2019-15495
 	RESERVED
 CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
@@ -1138,12 +1212,13 @@ CVE-2019-15298
 CVE-2019-15297
 	RESERVED
 CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3
 	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
 CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
 	NOT-FOR-US: Bitdefender Antivirus Free
-CVE-2019-15294
-	RESERVED
+CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1 ...)
+	TODO: check
 CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
 	NOT-FOR-US: ACDSee
 CVE-2019-15289
@@ -1281,8 +1356,8 @@ CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMe
 	NOTE: Fixed upstream in 2019.08.16 according to available information.
 CVE-2019-15231
 	REJECTED
-CVE-2019-15230
-	RESERVED
+CVE-2019-15230 (LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Noti ...)
+	TODO: check
 CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin conso ...)
@@ -7810,8 +7885,8 @@ CVE-2019-13350
 	RESERVED
 CVE-2019-13349
 	RESERVED
-CVE-2019-13348
-	RESERVED
+CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses the datas ...)
+	TODO: check
 CVE-2019-13347
 	RESERVED
 CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
@@ -8257,8 +8332,8 @@ CVE-2019-13191
 	RESERVED
 CVE-2019-13190
 	RESERVED
-CVE-2019-13189
-	RESERVED
+CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...)
+	TODO: check
 CVE-2019-13188
 	RESERVED
 CVE-2019-13187
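Review bot: CVE-2019-13189 and CVE-2019-13348 (previous hunk) both describe Knowage through 6.1.1 and are both left at "TODO: check"; triage them together so the two entries end up with the same disposition.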
@@ -9749,8 +9824,8 @@ CVE-2019-12645
 	RESERVED
 CVE-2019-12644
 	RESERVED
-CVE-2019-12643
-	RESERVED
+CVE-2019-12643 (A vulnerability in the Cisco REST API virtual service container for Ci ...)
+	TODO: check
 CVE-2019-12642
 	RESERVED
 CVE-2019-12641
@@ -12754,6 +12829,7 @@ CVE-2019-11501
 	RESERVED
 CVE-2019-11500
 	RESERVED
+	{DSA-4510-1}
 	- dovecot <unfixed>
 	NOTE: https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
 	NOTE: core: https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b
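Review bot: the {DSA-4510-1} marker is added to CVE-2019-11500 while the unstable entry remains "- dovecot <unfixed>"; make sure the sid version is filled in once the fixed upload lands, otherwise the tracker will keep reporting unstable as vulnerable even though stable has a DSA.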
@@ -15605,10 +15681,10 @@ CVE-2019-10393
 	RESERVED
 CVE-2019-10392
 	RESERVED
-CVE-2019-10391
-	RESERVED
-CVE-2019-10390
-	RESERVED
+CVE-2019-10391 (Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier tra ...)
+	TODO: check
+CVE-2019-10390 (A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earl ...)
+	TODO: check
 CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...)
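Review bot: CVE-2019-10391 and CVE-2019-10390 both describe Jenkins plugins (IBM Application Security on Cloud Plugin, Splunk Plugin) and are left at "TODO: check"; the neighbouring plugin entries CVE-2019-10389 and CVE-2019-10388 are already marked "NOT-FOR-US: Jenkins plugin", so the same disposition is the obvious candidate for these two.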
@@ -15619,10 +15695,10 @@ CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestVie
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10384
-	RESERVED
-CVE-2019-10383
-	RESERVED
+CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to ob ...)
+	TODO: check
+CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...)
+	TODO: check
 CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS  ...)
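Review bot: unlike the surrounding plugin entries, CVE-2019-10384 and CVE-2019-10383 describe Jenkins core ("Jenkins 2.191 and earlier, LTS 2.176.2 and earlier"), so the "NOT-FOR-US: Jenkins plugin" pattern used for the adjacent lines does not carry over automatically; triage these two against the jenkins package itself.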
@@ -16476,7 +16552,7 @@ CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write us
 	NOT-FOR-US: Apache Spark
 CVE-2019-10098 [mod_rewrite configurations vulnerable to open redirect]
 	RESERVED
-	{DSA-4509-1}
+	{DSA-4509-1 DLA-1900-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10098
@@ -16505,7 +16581,7 @@ CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006m
 	NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
 CVE-2019-10092 [Limited cross-site scripting in mod_proxy]
 	RESERVED
-	{DSA-4509-1}
+	{DSA-4509-1 DLA-1900-1}
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
@@ -16615,8 +16691,8 @@ CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix
 	NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
 CVE-2019-10059
 	RESERVED
-CVE-2019-10058
-	RESERVED
+CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
+	TODO: check
 CVE-2019-10057
 	RESERVED
 CVE-2019-10056
@@ -16924,10 +17000,10 @@ CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transactio
 	[stretch] - sqlite3 <no-dsa> (Minor issue)
 	[jessie] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
-CVE-2019-9935
-	RESERVED
-CVE-2019-9934
-	RESERVED
+CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 of 2). ...)
+	TODO: check
+CVE-2019-9934 (Various Lexmark products have Incorrect Access Control (issue 1 of 2). ...)
+	TODO: check
 CVE-2019-9933
 	RESERVED
 CVE-2019-9932
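Review bot: CVE-2019-9935 and CVE-2019-9934 ("Various Lexmark products have Incorrect Access Control", issues 2 of 2 and 1 of 2) match the CVE-2019-10058 description in the previous hunk; the three entries should be triaged together so the disposition is consistent across them.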
@@ -25541,6 +25617,7 @@ CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Vi
 CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
 	NOT-FOR-US: Bosch
 CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3.1 (bug #914641)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
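Review bot: the {DLA-1899-1} marker is added to CVE-2019-6956 while the visible context keeps "[buster] - faad2 <no-dsa> (Minor issue)" and "[stretch] - faad2 <no-dsa> (Minor issue)"; that is consistent for a jessie DLA, but if a "[jessie] - faad2 <no-dsa>" line exists below the shown context it should be dropped now that the DLA is recorded.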
@@ -29076,8 +29153,8 @@ CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOO
 	TODO: check
 CVE-2019-5591
 	RESERVED
-CVE-2019-5590
-	RESERVED
+CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
+	TODO: check
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
 	NOT-FOR-US: FortiGuard
 CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
@@ -34860,6 +34937,7 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a
 	NOTE: https://github.com/knik0/faad2/issues/30
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3.1 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
@@ -35465,6 +35543,7 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
 	NOTE: https://github.com/square/okhttp/issues/4967
 	NOTE: No practicable security imapacting relevance
 CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3.1 (low)
 	[buster] - faad2 <no-dsa> (Minor issue)
 	[stretch] - faad2 <no-dsa> (Minor issue)
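Review bot: the DLA-1899-1 addition to CVE-2018-20199 is fine; as a style point, the unchanged context line for CVE-2018-20200 reads "No practicable security imapacting relevance" and should be corrected to "impacting" in a follow-up.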
@@ -35484,6 +35563,7 @@ CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of
 	NOTE: very similar to CVE-2018-20194, same fix:
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
 CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3.1
 	NOTE: https://github.com/knik0/faad2/issues/19
 	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
@@ -39318,14 +39398,14 @@ CVE-2019-1967
 	RESERVED
 CVE-2019-1966
 	RESERVED
-CVE-2019-1965
-	RESERVED
-CVE-2019-1964
-	RESERVED
-CVE-2019-1963
-	RESERVED
-CVE-2019-1962
-	RESERVED
+CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
+	TODO: check
+CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
+	TODO: check
+CVE-2019-1963 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+	TODO: check
+CVE-2019-1962 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS  ...)
+	TODO: check
 CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
 	NOT-FOR-US: Cisco
 CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
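Review bot: CVE-2019-1965 through CVE-2019-1962 all describe Cisco NX-OS Software and are left at "TODO: check"; the adjacent Cisco entries CVE-2019-1961 and CVE-2019-1960 are already "NOT-FOR-US: Cisco", so these four can most likely be resolved the same way in one pass.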
@@ -44028,6 +44108,7 @@ CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FA
 	NOTE: https://github.com/knik0/faad2/issues/18
 	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
 CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
+	{DLA-1899-1}
 	- faad2 2.8.8-3 (bug #914641)
 	NOTE: https://sourceforge.net/p/faac/bugs/240/
 	NOTE: https://github.com/knik0/faad2/issues/22
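Review bot: with this hunk, {DLA-1899-1} is now recorded on CVE-2019-15296, CVE-2019-6956, CVE-2018-20360, CVE-2018-20199, CVE-2018-20196 and CVE-2018-19502; the other faad2 entries that appear only as hunk context (CVE-2018-20361, CVE-2018-20197, CVE-2018-19503) do not show their annotation lines here, so verify against the DLA text that every CVE it covers carries the marker and none is missed.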



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3bc5be416537699ac3ede774f7064379b22f2d83


