[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 18 09:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
735bc21c by security tracker role at 2019-10-18T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-18195
+ RESERVED
+CVE-2019-18194
+ RESERVED
+CVE-2019-18193
+ RESERVED
CVE-2020-0500
RESERVED
CVE-2020-0499
@@ -2129,38 +2135,38 @@ CVE-2019-17623
RESERVED
CVE-2019-17622
RESERVED
-CVE-2019-17675
+CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type confusion durin ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46477
NOTE: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17674
+CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17673
+CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46478
NOTE: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17672
+CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17671
+CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain content ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46474
NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
-CVE-2019-17670
+CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46472
NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17669
+CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- wordpress 5.2.4+dfsg1-1 (bug #942459)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46475
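Review bot: CVE-2019-17674 and CVE-2019-17672, the two stored XSS entries, carry only the wpscan and wordpress.org NOTE lines and no reference to the fixing change, while CVE-2019-17675, CVE-2019-17673, CVE-2019-17671 and CVE-2019-17670 in this hunk each list a core.trac.wordpress.org changeset and a GitHub commit. Adding the changeset for those two would let anyone checking or backporting the fix find the patch from the tracker entry. CVE-2019-17671 is also the only complete entry here without the wordpress.org/news NOTE.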
@@ -2530,8 +2536,8 @@ CVE-2019-17515
RESERVED
CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 2016 has ...)
NOT-FOR-US: Non-actionable CVE assignment for Python docs
-CVE-2019-17513
- RESERVED
+CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a misuse of th ...)
+ TODO: check
CVE-2019-17512 (There are some web interfaces without authentication requirements on D ...)
NOT-FOR-US: D-Link
CVE-2019-17511 (There are some web interfaces without authentication requirements on D ...)
@@ -7504,10 +7510,10 @@ CVE-2019-15629
RESERVED
CVE-2019-15628
RESERVED
-CVE-2019-15627
- RESERVED
-CVE-2019-15626
- RESERVED
+CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...)
+ TODO: check
+CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), ...)
+ TODO: check
CVE-2019-15625
RESERVED
CVE-2019-15624
@@ -9205,12 +9211,12 @@ CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a mul
NOT-FOR-US: Smart Battery
CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
NOT-FOR-US: Smart Battery
-CVE-2019-15066
- RESERVED
-CVE-2019-15065
- RESERVED
-CVE-2019-15064
- RESERVED
+CVE-2019-15066 (An “invalid command” handler issue was discovered in HiNet ...)
+ TODO: check
+CVE-2019-15065 (A service which is hosted on port 6998 in HiNet GPON firmware < I04 ...)
+ TODO: check
+CVE-2019-15064 (HiNet GPON firmware version < I040GWR190731 allows an attacker logi ...)
+ TODO: check
CVE-2017-18525 (The megamenu plugin before 2.4 for WordPress has XSS. ...)
NOT-FOR-US: megamenu plugin for WordPress
CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
@@ -15248,14 +15254,14 @@ CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via i
NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-13412
- RESERVED
+CVE-2019-13412 (A service which is hosted on port 3097 in HiNet GPON firmware < I04 ...)
+ TODO: check
CVE-2019-13411 (An “invalid command” handler issue was discovered in HiNet ...)
NOT-FOR-US: HiNet GPON firmware
-CVE-2019-13410
- RESERVED
-CVE-2019-13409
- RESERVED
+CVE-2019-13410 (TOPMeeting before version 8.8 (2019/08/19) shows attendees account and ...)
+ TODO: check
+CVE-2019-13409 (A SQL injection vulnerability was discovered in TOPMeeting before vers ...)
+ TODO: check
CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses ...)
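Review bot: CVE-2019-13412 is added as TODO: check although its description names HiNet GPON firmware, the same product the next entry, CVE-2019-13411, already records as NOT-FOR-US: HiNet GPON firmware. It can take the same tag in the follow-up commit. The two TOPMeeting entries (CVE-2019-13410, CVE-2019-13409) are new to this block and still need a triage decision of their own.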
@@ -30373,140 +30379,140 @@ CVE-2019-8228
RESERVED
CVE-2019-8227
RESERVED
-CVE-2019-8226
- RESERVED
-CVE-2019-8225
- RESERVED
-CVE-2019-8224
- RESERVED
-CVE-2019-8223
- RESERVED
-CVE-2019-8222
- RESERVED
-CVE-2019-8221
- RESERVED
-CVE-2019-8220
- RESERVED
-CVE-2019-8219
- RESERVED
-CVE-2019-8218
- RESERVED
-CVE-2019-8217
- RESERVED
-CVE-2019-8216
- RESERVED
-CVE-2019-8215
- RESERVED
-CVE-2019-8214
- RESERVED
-CVE-2019-8213
- RESERVED
-CVE-2019-8212
- RESERVED
-CVE-2019-8211
- RESERVED
-CVE-2019-8210
- RESERVED
-CVE-2019-8209
- RESERVED
-CVE-2019-8208
- RESERVED
-CVE-2019-8207
- RESERVED
-CVE-2019-8206
- RESERVED
-CVE-2019-8205
- RESERVED
-CVE-2019-8204
- RESERVED
-CVE-2019-8203
- RESERVED
-CVE-2019-8202
- RESERVED
-CVE-2019-8201
- RESERVED
-CVE-2019-8200
- RESERVED
-CVE-2019-8199
- RESERVED
-CVE-2019-8198
- RESERVED
-CVE-2019-8197
- RESERVED
-CVE-2019-8196
- RESERVED
-CVE-2019-8195
- RESERVED
-CVE-2019-8194
- RESERVED
-CVE-2019-8193
- RESERVED
-CVE-2019-8192
- RESERVED
-CVE-2019-8191
- RESERVED
-CVE-2019-8190
- RESERVED
-CVE-2019-8189
- RESERVED
-CVE-2019-8188
- RESERVED
-CVE-2019-8187
- RESERVED
-CVE-2019-8186
- RESERVED
-CVE-2019-8185
- RESERVED
-CVE-2019-8184
- RESERVED
-CVE-2019-8183
- RESERVED
-CVE-2019-8182
- RESERVED
-CVE-2019-8181
- RESERVED
-CVE-2019-8180
- RESERVED
-CVE-2019-8179
- RESERVED
-CVE-2019-8178
- RESERVED
-CVE-2019-8177
- RESERVED
-CVE-2019-8176
- RESERVED
-CVE-2019-8175
- RESERVED
-CVE-2019-8174
- RESERVED
-CVE-2019-8173
- RESERVED
-CVE-2019-8172
- RESERVED
-CVE-2019-8171
- RESERVED
-CVE-2019-8170
- RESERVED
-CVE-2019-8169
- RESERVED
-CVE-2019-8168
- RESERVED
-CVE-2019-8167
- RESERVED
-CVE-2019-8166
- RESERVED
-CVE-2019-8165
- RESERVED
-CVE-2019-8164
- RESERVED
-CVE-2019-8163
- RESERVED
-CVE-2019-8162
- RESERVED
-CVE-2019-8161
- RESERVED
-CVE-2019-8160
- RESERVED
+CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8224 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8223 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8222 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8221 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8220 (Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.01 ...)
+ TODO: check
+CVE-2019-8219 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8218 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8217 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8216 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8215 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8214 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8213 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8212 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8211 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8210 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8209 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8208 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8207 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8206 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8205 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8204 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8203 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8202 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8201 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8200 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8199 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8198 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8197 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8196 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8195 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8194 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8193 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8192 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8191 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8190 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8189 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8188 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8187 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8186 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8185 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8184 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8183 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8182 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8181 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8180 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8179 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8178 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8177 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8176 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8175 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8174 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8173 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8172 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8171 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8170 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8169 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8168 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8167 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8166 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8165 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8164 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8163 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8162 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
+CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
CVE-2019-8159
RESERVED
CVE-2019-8158
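Review bot: the 67 entries from CVE-2019-8226 down to CVE-2019-8160 all move from RESERVED to TODO: check with near-identical truncated descriptions, but CVE-2019-8220 reads "versions, 2019.012.20040" where every other entry reads "versions , 2019.012.20040". Any bulk triage of this block should key on the CVE id range rather than on an exact match of the description string, otherwise CVE-2019-8220 is skipped and stays as TODO: check.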
@@ -30697,8 +30703,8 @@ CVE-2019-8066
RESERVED
CVE-2019-8065
RESERVED
-CVE-2019-8064
- RESERVED
+CVE-2019-8064 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
+ TODO: check
CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions have an ...)
NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
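Review bot: CVE-2019-8064 lands as TODO: check directly above two Adobe entries that are already triaged as NOT-FOR-US (Creative Cloud Desktop Application, After Effects). If Acrobat and Reader are likewise not packaged, the follow-up should resolve this entry to a NOT-FOR-US line in the same pass as the other Acrobat and Reader entries added in this commit, so the single entry in this hunk is not left behind.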
@@ -34634,12 +34640,10 @@ CVE-2019-6478
RESERVED
CVE-2019-6477
RESERVED
-CVE-2019-6476 [flaw in QNAME minimization that can lead to an assertion failure]
- RESERVED
+CVE-2019-6476 (A defect in code added to support QNAME minimization can cause named t ...)
- bind9 <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2019-6476
-CVE-2019-6475 [DNSSEC validation bypass for mirror zones]
- RESERVED
+CVE-2019-6475 (Mirror zones are a BIND feature allowing recursive servers to pre-cach ...)
- bind9 <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2019-6475
CVE-2019-6474 (A missing check on incoming client requests can be exploited to cause ...)
@@ -41274,7 +41278,7 @@ CVE-2019-3740 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an I
NOT-FOR-US: RSA
CVE-2019-3739 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Informati ...)
NOT-FOR-US: RSA
-CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improp ...)
+CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing ...)
NOT-FOR-US: RSA
CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by a ...)
NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42