[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 3 21:10:49 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
acc565f1 by security tracker role at 2019-09-03T20:10:33Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
+ TODO: check
+CVE-2019-15888
+ RESERVED
+CVE-2019-15887
+ RESERVED
+CVE-2019-15886
+ RESERVED
+CVE-2019-15885
+ RESERVED
+CVE-2019-15884
+ RESERVED
+CVE-2019-15883
+ RESERVED
+CVE-2019-15882
+ RESERVED
+CVE-2019-15881
+ RESERVED
+CVE-2019-15880
+ RESERVED
+CVE-2019-15879
+ RESERVED
+CVE-2019-15878
+ RESERVED
+CVE-2019-15877
+ RESERVED
+CVE-2019-15876
+ RESERVED
+CVE-2019-15875
+ RESERVED
+CVE-2019-15874
+ RESERVED
+CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...)
+ TODO: check
+CVE-2019-15872 (The LoginPress plugin before 1.1.4 for WordPress has SQL injection via ...)
+ TODO: check
+CVE-2019-15871 (The LoginPress plugin before 1.1.4 for WordPress has no capability che ...)
+ TODO: check
+CVE-2019-15870 (The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Ph ...)
+ TODO: check
+CVE-2019-15869 (The JobCareer theme before 2.5.1 for WordPress has stored XSS. ...)
+ TODO: check
+CVE-2019-15868 (The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15867 (The slick-popup plugin before 1.7.2 for WordPress has a hardcoded Omak ...)
+ TODO: check
+CVE-2019-15866 (The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file ...)
+ TODO: check
+CVE-2019-15865 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15864 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. ...)
+ TODO: check
+CVE-2019-15863 (The ConvertPlus plugin before 3.4.5 for WordPress has an unintended ac ...)
+ TODO: check
CVE-2019-XXXX [VSV00003 DoS]
- varnish <unfixed> (bug #939333)
[stretch] - varnish <not-affected> (Only a security issue in 6.0 and later)
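Review bot: the twelve new entries left at `TODO: check` in this hunk (CVE-2019-15889 and CVE-2019-15873 through CVE-2019-15863) all describe third-party WordPress plugins and themes (download-manager, profilegrid-user-profiles-groups-and-communities, LoginPress, CarSpot, JobCareer, affiliates-manager, slick-popup, crelly-slider, breadcrumbs-by-menu, ConvertPlus); unless one of them turns out to be packaged separately, the follow-up triage should resolve each to `NOT-FOR-US:` with the plugin or theme name, as the vendor-only entries elsewhere in this file already do, instead of letting twelve TODO lines accumulate. The fifteen RESERVED placeholders CVE-2019-15888 through CVE-2019-15874 need no action.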
@@ -33,7 +87,8 @@ CVE-2019-15853
RESERVED
CVE-2019-15852
RESERVED
-CVE-2019-15851 (In SoX 14.4.2, there is an integer overflow in startread in sox-fmt.c. ...)
+CVE-2019-15851
+ REJECTED
- sox <unfixed>
NOTE: https://sourceforge.net/p/sox/bugs/325/
TODO: further checks needed
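Review bot: CVE-2019-15851 is now REJECTED, but the `- sox <unfixed>` line below it still records sox as affected by a withdrawn identifier, so the tracker will keep listing it as an open issue; the `TODO: further checks needed` should either drop the sox line or move it, together with the sourceforge NOTE, to whichever identifier replaced the rejected one, if any.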
@@ -644,7 +699,7 @@ CVE-2019-15632
RESERVED
CVE-2019-15631
RESERVED
-CVE-2019-15630 (Directory Traversal in APIkit, http-connector, and OAuth2 Provider mod ...)
+CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...)
TODO: check
CVE-2019-15629
RESERVED
@@ -2345,8 +2400,7 @@ CVE-2019-15045 (** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDes
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-15044
RESERVED
-CVE-2019-15043
- RESERVED
+CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
- grafana <removed>
CVE-2019-15042
RESERVED
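Review bot: the CVE-2019-15043 entry carries a package line `- grafana <removed>` but no NOTE: with the upstream advisory or fixing commit, unlike the ghostscript and samba entries in this same update; now that the description is published (Grafana 2.x through 6.x before 6.3.4), a reference would let anyone checking the last version of the removed package confirm whether it fell inside the affected range.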
@@ -3010,8 +3064,7 @@ CVE-2019-14819
NOT-FOR-US: openshift-ansible
CVE-2019-14818
RESERVED
-CVE-2019-14817
- RESERVED
+CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdfex ...)
- ghostscript <unfixed>
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
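Review bot: CVE-2019-14817 stays at `- ghostscript <unfixed>` although the new description says only versions prior to 9.28 are affected and the fixing commit cd1b1cacadac2479e291efe611979bdc1b3bdb19 is linked; the CVE-2019-14812 entry just below already mentions a 9.28~~rc1~dfsg-1 upload, so it is worth checking whether that upload contains this commit and, if so, recording the fixed version instead of <unfixed>.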
@@ -3046,8 +3099,7 @@ CVE-2019-14812
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
-CVE-2019-14811
- RESERVED
+CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_h ...)
- ghostscript <unfixed>
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445
NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
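Review bot: the same question applies to CVE-2019-14811 (`- ghostscript <unfixed>`, commit 885444fcbe10dc42787ecb76686c8ee4dd33bf33): the mitigation NOTE about 9.28~~rc1~dfsg-1 directly above belongs to CVE-2019-14812, so a NOTE stating whether the flaw described here is fixed or merely mitigated in that upload would prevent the two entries being read together by mistake.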
@@ -5108,8 +5160,8 @@ CVE-2019-14263
RESERVED
CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
NOT-FOR-US: MetadataExtractor
-CVE-2019-14261
- RESERVED
+CVE-2019-14261 (An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due ...)
+ TODO: check
CVE-2019-14260 (On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone Vo ...)
NOT-FOR-US: Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone
CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
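Review bot: CVE-2019-14261 concerns an ABUS Secvest FUAA50000 alarm device; the neighbouring VoIP-phone entries CVE-2019-14260 and CVE-2019-14259 are already `NOT-FOR-US`, and this one can be closed the same way rather than left at `TODO: check`.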
@@ -8757,8 +8809,8 @@ CVE-2019-13158
RESERVED
CVE-2019-13157
RESERVED
-CVE-2019-13156
- RESERVED
+CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer ove ...)
+ TODO: check
CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
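Review bot: CVE-2019-13156 describes a stack-based buffer overflow in a Windows kernel driver, NDrive(1.2.2).sys from Naver Cloud Explorer, which has no Debian package; mark it `NOT-FOR-US: Naver Cloud Explorer`, in line with the TRENDnet firmware entries that follow it.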
@@ -16616,8 +16668,7 @@ CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did n
NOT-FOR-US: Keycloak
CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
- foreman <itp> (bug #663101)
-CVE-2019-10197 [Combination of parameters and permissions can allow user to escape from the share path definition]
- RESERVED
+CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up ...)
- samba <unfixed>
[stretch] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
NOTE: https://www.samba.org/samba/security/CVE-2019-10197.html
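Review bot: the automatic update replaced the hand-written summary `[Combination of parameters and permissions can allow user to escape from the share path definition]` with the truncated MITRE text, which no longer says what the bug is; the old summary is worth keeping as a NOTE: line. Also, `- samba <unfixed>` has no Debian bug reference, unlike `- varnish <unfixed> (bug #939333)` in the first hunk; if a bug was filed for unstable it should be recorded here.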
@@ -28004,14 +28055,14 @@ CVE-2019-6184
RESERVED
CVE-2019-6183
RESERVED
-CVE-2019-6182
- RESERVED
-CVE-2019-6181
- RESERVED
-CVE-2019-6180
- RESERVED
-CVE-2019-6179
- RESERVED
+CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo XClarity A ...)
+ TODO: check
+CVE-2019-6181 (A reflected cross-site scripting (XSS) vulnerability was reported in L ...)
+ TODO: check
+CVE-2019-6180 (A stored cross-site scripting (XSS) vulnerability was reported in Leno ...)
+ TODO: check
+CVE-2019-6179 (An XML External Entity (XXE) processing vulnerability was reported in ...)
+ TODO: check
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...)
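Review bot: CVE-2019-6182 through CVE-2019-6179 (stored CSV injection, reflected XSS, stored XSS, XXE) are the same Lenovo batch as CVE-2019-6178 and CVE-2019-6177 directly below, which are already `NOT-FOR-US`; CVE-2019-6182 names Lenovo XClarity in its description, so these four should be resolved to `NOT-FOR-US:` with the product name instead of staying at `TODO: check`.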
@@ -33730,14 +33781,14 @@ CVE-2019-3756
RESERVED
CVE-2019-3755
RESERVED
-CVE-2019-3754
- RESERVED
+CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, ...)
+ TODO: check
CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
NOT-FOR-US: EMC
CVE-2019-3752
RESERVED
-CVE-2019-3751
- RESERVED
+CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0 ...)
+ TODO: check
CVE-2019-3750
RESERVED
CVE-2019-3749
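Review bot: CVE-2019-3754 (Dell EMC Unity Operating Environment) and CVE-2019-3751 (Dell EMC Enterprise Copy Data Management) are vendor appliance products with no Debian package; the adjacent CVE-2019-3753 is already `NOT-FOR-US: EMC`, and these two should follow it.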
@@ -42488,8 +42539,7 @@ CVE-2019-1127 (A remote code execution vulnerability exists in the way that Dire
NOT-FOR-US: Microsoft
CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...)
NOT-FOR-US: Microsoft
-CVE-2019-1125 [Spectre v1 SWAPGS]
- RESERVED
+CVE-2019-1125 (An information disclosure vulnerability exists when certain central pr ...)
{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
- linux 5.2.7-1
NOTE: https://access.redhat.com/articles/4329821
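Review bot: replacing `[Spectre v1 SWAPGS]` with the truncated MITRE text removes the only mention of SWAPGS from the entry, which is the name people will search the tracker for; the DSA/DLA references and `- linux 5.2.7-1` are already in place, so add a NOTE: line naming the SWAPGS variant (the Red Hat article already referenced in the NOTE describes it) to keep the entry findable.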
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acc565f1695104318fdeae722d1fd7fc21db7dad