[Git][security-tracker-team/security-tracker][master] automatic update

Thu Dec 26 08:10:28 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
924b5d17 by security tracker role at 2019-12-26T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,76 @@
-CVE-2019-19977 [stack-based buffer over-read]
+CVE-2019-20003
+	RESERVED
+CVE-2019-20002
+	RESERVED
+CVE-2019-20001
+	RESERVED
+CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
+	TODO: check
+CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI)  ...)
+	TODO: check
+CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. ...)
+	TODO: check
+CVE-2019-19997
+	RESERVED
+CVE-2019-19996
+	RESERVED
+CVE-2019-19995
+	RESERVED
+CVE-2019-19994
+	RESERVED
+CVE-2019-19993
+	RESERVED
+CVE-2019-19992
+	RESERVED
+CVE-2019-19991
+	RESERVED
+CVE-2019-19990
+	RESERVED
+CVE-2019-19989
+	RESERVED
+CVE-2019-19988
+	RESERVED
+CVE-2019-19987
+	RESERVED
+CVE-2019-19986
+	RESERVED
+CVE-2019-19985 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
+	TODO: check
+CVE-2019-19984 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
+	TODO: check
+CVE-2019-19983 (In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full w ...)
+	TODO: check
+CVE-2019-19982 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
+	TODO: check
+CVE-2019-19981 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
+	TODO: check
+CVE-2019-19980 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
+	TODO: check
+CVE-2019-19979 (A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed a ...)
+	TODO: check
+CVE-2019-19978
+	RESERVED
+CVE-2019-19976
+	RESERVED
+CVE-2019-19975
+	RESERVED
+CVE-2019-19974
+	RESERVED
+CVE-2019-19973
+	RESERVED
+CVE-2019-19972
+	RESERVED
+CVE-2019-19971
+	RESERVED
+CVE-2019-19970
+	RESERVED
+CVE-2019-19969
+	RESERVED
+CVE-2019-19968
+	RESERVED
+CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH ...)
+	TODO: check
+CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...)
 	- libesmtp <unfixed> (unimportant)
 	NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
 	NOTE: NTLM support not enabled in the Debian builds.
@@ -68096,8 +68168,8 @@ CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 2017-03
 	NOT-FOR-US: nc-cms
 CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allow ...)
 	NOT-FOR-US: Zabbix Plugin for Confluence
-CVE-2018-18288
-	RESERVED
+CVE-2018-18288 (CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redi ...)
+	TODO: check
 CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
 	NOT-FOR-US: ASUS RT-AC58U devices
 CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/924b5d17e500858dfb64f1240ae03617b2e3411e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/924b5d17e500858dfb64f1240ae03617b2e3411e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191226/c0f515b2/attachment.html>
