[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 7 21:10:51 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c2f0133 by security tracker role at 2019-10-07T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17317 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
+ TODO: check
+CVE-2019-17316 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
+ TODO: check
+CVE-2019-17315 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
+ TODO: check
+CVE-2019-17314 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
+ TODO: check
+CVE-2019-17313 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
+ TODO: check
+CVE-2019-17312 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
+ TODO: check
+CVE-2019-17311 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
+ TODO: check
+CVE-2019-17310 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17309 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17308 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17307 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17306 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17305 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17304 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17303 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17302 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17301 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17300 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17299 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
+ TODO: check
+CVE-2019-17298 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17297 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17296 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17295 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17294 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17293 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17292 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
+ TODO: check
+CVE-2019-17291
+ RESERVED
+CVE-2019-17290
+ RESERVED
+CVE-2019-17289
+ RESERVED
+CVE-2019-17288
+ RESERVED
+CVE-2019-17287
+ RESERVED
+CVE-2019-17286
+ RESERVED
+CVE-2019-17285
+ RESERVED
+CVE-2019-17284
+ RESERVED
+CVE-2019-17283
+ RESERVED
+CVE-2019-17282
+ RESERVED
+CVE-2019-17281
+ RESERVED
+CVE-2019-17280
+ RESERVED
+CVE-2019-17279
+ RESERVED
+CVE-2019-17278
+ RESERVED
+CVE-2019-17277
+ RESERVED
+CVE-2019-17276
+ RESERVED
+CVE-2019-17275
+ RESERVED
+CVE-2019-17274
+ RESERVED
+CVE-2019-17273
+ RESERVED
+CVE-2019-17272
+ RESERVED
CVE-2019-17271
RESERVED
CVE-2019-17270
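Review bot: The 28 SugarCRM entries at the top of this hunk, CVE-2019-17292 through CVE-2019-17319, all land as "TODO: check" with the identical version range "before 8.0.4 and 9.x before 9.0.2", so they should be triaged as one batch and given one consistent disposition line. The truncated descriptions differ only by bug class (SQL injection, PHP object injection, directory traversal, PHP code injection), which leaves nothing visible here to justify treating them differently. The 20 RESERVED additions from CVE-2019-17272 to CVE-2019-17291 need no action.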
@@ -505,10 +601,10 @@ CVE-2019-17044
RESERVED
CVE-2019-17043
RESERVED
-CVE-2019-17042
- RESERVED
-CVE-2019-17041
- RESERVED
+CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
+ TODO: check
+CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
+ TODO: check
CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
- rsyslog <unfixed> (unimportant)
[buster] - rsyslog <not-affected> (Vulnerable code introduced later)
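Review bot: CVE-2019-17042 and CVE-2019-17041 are left at "TODO: check" although both descriptions name Rsyslog v8.1908.0 and a file under contrib/, the same version and tree as CVE-2019-17040 directly below them. That entry is already tracked with "- rsyslog <unfixed> (unimportant)" and "[buster] - rsyslog <not-affected> (Vulnerable code introduced later)", so the triage of the two new entries should confirm whether the same package line and the same buster status apply to the two contrib/ modules named in their descriptions, instead of leaving them unassigned.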
@@ -825,20 +921,20 @@ CVE-2019-16904 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted passwo
- teampass <itp> (bug #730180)
CVE-2019-16903 (Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServ ...)
NOT-FOR-US: Platinum UPnP SDK
-CVE-2015-9456
- RESERVED
-CVE-2015-9455
- RESERVED
-CVE-2015-9454
- RESERVED
-CVE-2015-9453
- RESERVED
-CVE-2015-9452
- RESERVED
-CVE-2015-9451
- RESERVED
-CVE-2015-9450
- RESERVED
+CVE-2015-9456 (The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has ...)
+ TODO: check
+CVE-2015-9455 (The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSR ...)
+ TODO: check
+CVE-2015-9454 (The smooth-slider plugin before 2.7 for WordPress has SQL Injection vi ...)
+ TODO: check
+CVE-2015-9453 (The broken-link-manager plugin before 0.6.0 for WordPress has XSS via ...)
+ TODO: check
+CVE-2015-9452 (The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPres ...)
+ TODO: check
+CVE-2015-9451 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...)
+ TODO: check
+CVE-2015-9450 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...)
+ TODO: check
CVE-2019-16902 (In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformco ...)
NOT-FOR-US: ARforms plugin for WordPress
CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain ...)
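Review bot: The seven entries CVE-2015-9450 through CVE-2015-9456 are all described as plugins "for WordPress" but are added as "TODO: check", while CVE-2019-16902 just below this block shows the existing convention, "NOT-FOR-US: ARforms plugin for WordPress". If none of these plugins is packaged, closing them out in that same form keeps the list consistent. CVE-2015-9451 and CVE-2015-9450 both name plugmatter-optin-feature-box-lite before 2.0.14 and should receive the same line.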
@@ -2503,8 +2599,8 @@ CVE-2019-16265
RESERVED
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
-CVE-2019-16263
- RESERVED
+CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
+ TODO: check
CVE-2019-16262
RESERVED
CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST req ...)
@@ -3565,8 +3661,8 @@ CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 f
NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
NOT-FOR-US: "Search Exclude" plugin for WordPress
-CVE-2019-15894
- RESERVED
+CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
+ TODO: check
CVE-2019-15893
RESERVED
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
@@ -3920,18 +4016,18 @@ CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service co
NOTE: https://github.com/nmap/nmap/issues/1077
NOTE: https://github.com/nmap/nmap/issues/1227
NOTE: Crash in CLI tool, no security impact
-CVE-2019-15751
- RESERVED
-CVE-2019-15750
- RESERVED
-CVE-2019-15749
- RESERVED
-CVE-2019-15748
- RESERVED
-CVE-2019-15747
- RESERVED
-CVE-2019-15746
- RESERVED
+CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...)
+ TODO: check
+CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...)
+ TODO: check
+CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...)
+ TODO: check
+CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...)
+ TODO: check
+CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...)
+ TODO: check
+CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...)
+ TODO: check
CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
NOT-FOR-US: Eques elf smart plug
CVE-2019-15744
@@ -11645,7 +11741,7 @@ CVE-2019-13576
CVE-2019-13575 (A SQL injection vulnerability exists in WPEverest Everest Forms plugin ...)
NOT-FOR-US: WPEverest Everest Forms plugin for WordPress
CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
- {DSA-4481-1}
+ {DSA-4481-1 DLA-1948-1}
- ruby-mini-magick 4.9.2-1.1 (bug #931932)
CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer ...)
NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress
@@ -13721,10 +13817,10 @@ CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
NOTE: https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5
CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...)
NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader
-CVE-2019-12812
- RESERVED
-CVE-2019-12811
- RESERVED
+CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...)
+ TODO: check
+CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to ...)
+ TODO: check
CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
NOT-FOR-US: ALSee
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
@@ -18940,7 +19036,7 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
NOT-FOR-US: CentOS-WebPanel.com
-CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices.There is an stack ov ...)
+CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices. There is a stack-ba ...)
NOT-FOR-US: D-Link
CVE-2019-10891 (An issue was discovered in D-Link DIR-806 devices. There is a command ...)
NOT-FOR-US: D-Link
@@ -38003,8 +38099,8 @@ CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2
NOT-FOR-US: EMC
CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...)
NOT-FOR-US: EMC
-CVE-2019-3745
- RESERVED
+CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...)
+ TODO: check
CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3743
@@ -38125,8 +38221,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a
NOTE: When adressing this a related patch to make statd take the user-id from
NOTE: /var/lib/nfs/sm is needed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1150733#c3
NOTE: Neutralised by kernel hardening
-CVE-2019-3688
- RESERVED
+CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
+ TODO: check
CVE-2019-3687
RESERVED
CVE-2019-3686
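Review bot: CVE-2019-3688 should not be closed as distribution-specific on the strength of the "SUSE Linux Enterpri ..." wording alone: the description concerns the /usr/sbin/pinger binary packaged with squid, and the truncated text does not show what is wrong with it. The triage that replaces "TODO: check" should record, in NOTE lines like those on CVE-2019-3689 above, whether the same packaging issue exists in the squid package tracked here.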
@@ -52234,8 +52330,8 @@ CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb
NOT-FOR-US: Z-BlogPHP
CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 4.2.24. admi ...)
NOT-FOR-US: Bigtree CMS
-CVE-2018-18379
- RESERVED
+CVE-2018-18379 (The elementor-edit-template class in wp-admin/customize.php in the Ele ...)
+ TODO: check
CVE-2018-18378
RESERVED
CVE-2018-18377 (goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c2f01338ad8e70ea6c0db1e346ff230cf105305