[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Sep 10 21:10:36 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d02ecbe1 by security tracker role at 2019-09-10T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-16213
+	RESERVED
+CVE-2019-16212
+	RESERVED
+CVE-2019-16211
+	RESERVED
+CVE-2019-16210
+	RESERVED
+CVE-2019-16209
+	RESERVED
+CVE-2019-16208
+	RESERVED
+CVE-2019-16207
+	RESERVED
+CVE-2019-16206
+	RESERVED
+CVE-2019-16205
+	RESERVED
+CVE-2019-16204
+	RESERVED
+CVE-2019-16203
+	RESERVED
+CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
+	TODO: check
+CVE-2019-16201
+	RESERVED
 CVE-2019-16200
 	RESERVED
 CVE-2019-16199
@@ -24,38 +50,38 @@ CVE-2019-16189
 	RESERVED
 CVE-2019-16188
 	RESERVED
-CVE-2017-18611
-	RESERVED
-CVE-2017-18610
-	RESERVED
-CVE-2017-18609
-	RESERVED
-CVE-2017-18608
-	RESERVED
-CVE-2017-18607
-	RESERVED
-CVE-2017-18606
-	RESERVED
-CVE-2017-18605
-	RESERVED
-CVE-2017-18604
-	RESERVED
-CVE-2017-18603
-	RESERVED
-CVE-2017-18602
-	RESERVED
-CVE-2017-18601
-	RESERVED
-CVE-2017-18600
-	RESERVED
-CVE-2017-18599
-	RESERVED
-CVE-2017-18598
-	RESERVED
-CVE-2017-18597
-	RESERVED
-CVE-2017-18596
-	RESERVED
+CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
+	TODO: check
+CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
+	TODO: check
+CVE-2017-18609 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the cus ...)
+	TODO: check
+CVE-2017-18608 (The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS ...)
+	TODO: check
+CVE-2017-18607 (The avada theme before 5.1.5 for WordPress has CSRF. ...)
+	TODO: check
+CVE-2017-18606 (The avada theme before 5.1.5 for WordPress has stored XSS. ...)
+	TODO: check
+CVE-2017-18605 (The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Ob ...)
+	TODO: check
+CVE-2017-18604 (The sitebuilder-dynamic-components plugin through 1.0 for WordPress ha ...)
+	TODO: check
+CVE-2017-18603 (The postman-smtp plugin through 2017-10-04 for WordPress has XSS via t ...)
+	TODO: check
+CVE-2017-18602 (The examapp plugin 1.0 for WordPress has SQL injection via the wp-admi ...)
+	TODO: check
+CVE-2017-18601 (The examapp plugin 1.0 for WordPress has XSS via exam input text field ...)
+	TODO: check
+CVE-2017-18600 (The formcraft3 plugin before 3.4 for WordPress has stored XSS via the  ...)
+	TODO: check
+CVE-2017-18599 (The Pinfinity theme before 2.0 for WordPress has XSS via the s paramet ...)
+	TODO: check
+CVE-2017-18598 (The Qards plugin through 2017-10-11 for WordPress has XSS via a remote ...)
+	TODO: check
+CVE-2017-18597 (The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL I ...)
+	TODO: check
+CVE-2017-18596 (The elementor plugin before 1.8.0 for WordPress has incorrect access c ...)
+	TODO: check
 CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnl ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the plugin manage ...)
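Review bot: the sixteen CVE-2017-185xx/186xx entries that moved from RESERVED to `TODO: check` in this hunk all describe WordPress plugins and themes (magic-fields, spotim-comments, avada, gravitate-qa-tracker, sitebuilder-dynamic-components, postman-smtp, examapp, formcraft3, Pinfinity, Qards, jtrt-responsive-tables, elementor). The rest of this same diff shows how such entries are normally resolved, e.g. `NOT-FOR-US: Wordpress plugin` for CVE-2018-21012 and CVE-2018-21011, so the follow-up triage can most likely close all sixteen the same way in one pass, unless any of these plugins turns out to be packaged in Debian.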
@@ -249,8 +275,8 @@ CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress ha
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2019-16106
-	RESERVED
+CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
+	TODO: check
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
 	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
 CVE-2019-16104 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via th ...)
@@ -742,8 +768,8 @@ CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the user
 	NOT-FOR-US: Nagios Log Server
 CVE-2019-15897
 	RESERVED
-CVE-2019-15896
-	RESERVED
+CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 for Wor ...)
+	TODO: check
 CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
 	NOT-FOR-US: "Search Exclude" plugin for WordPress
 CVE-2019-15894
@@ -3450,7 +3476,7 @@ CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Paym
 	NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
 CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
 	NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
-CVE-2019-14977 (card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugi ...)
+CVE-2019-14977 (** DISPUTED ** card/pay/.../amount in the WooCommerce Instamojo Paymen ...)
 	NOT-FOR-US: WooCommerce Instamojo Payment Gateway plugin for WordPress
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
 	NOT-FOR-US: idreamsoft iCMS
@@ -4183,26 +4209,26 @@ CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoa
 	NOTE: https://github.com/adplug/adplug/issues/88
 CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
 	NOT-FOR-US: ZenTao CMS
-CVE-2019-14730
-	RESERVED
-CVE-2019-14729
-	RESERVED
-CVE-2019-14728
-	RESERVED
-CVE-2019-14727
-	RESERVED
-CVE-2019-14726
-	RESERVED
+CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14729 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14728 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
 CVE-2019-14725
 	RESERVED
 CVE-2019-14724
 	RESERVED
-CVE-2019-14723
-	RESERVED
-CVE-2019-14722
-	RESERVED
-CVE-2019-14721
-	RESERVED
+CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
+CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
+	TODO: check
 CVE-2019-14720
 	RESERVED
 CVE-2019-14719
@@ -4889,8 +4915,8 @@ CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in
 	NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
 CVE-2019-14458
 	RESERVED
-CVE-2019-14457
-	RESERVED
+CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a stack-base ...)
+	TODO: check
 CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
 	NOT-FOR-US: Opengear console server firmware
 CVE-2019-14455
@@ -10164,8 +10190,8 @@ CVE-2019-12998
 	RESERVED
 CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
 	NOT-FOR-US: Loopchain
-CVE-2019-12996
-	RESERVED
+CVE-2019-12996 (In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable  ...)
+	TODO: check
 CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
 	NOT-FOR-US: Istio
 CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
@@ -11746,8 +11772,8 @@ CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commo
 	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
 	NOTE: Fixed in upstream commit: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=4ad5d80a6272e007f64a6ac66829ca189a8093b9;hp=16a0c84e84b93cc8c107b7ff3080bd11317ab581
-CVE-2019-12401
-	RESERVED
+CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are v ...)
+	TODO: check
 CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...)
 	- libxml-security-java <unfixed> (bug #935548)
 	[stretch] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
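Review bot: CVE-2019-12401 is left at `TODO: check`, but its description names concrete Solr version ranges (1.3.0 to 1.4.1, 3.1.0 to 3.6.2, 4.0.0 to 4.10.4), which is enough to triage against the archive: the follow-up should check whether a Solr source package is shipped in any suite and, if so, record it in the `- <package> <status> (bug #...)` form used two lines below for CVE-2019-12400, together with a `NOTE:` line pointing at the upstream fix as the CVE-2019-12402 entry does.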
@@ -12547,8 +12573,8 @@ CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1
 	- minissdpd 1.5.20190210-1 (bug #929297)
 	[stretch] - minissdpd 1.2.20130907-4.1+deb9u1
 	NOTE: https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
-CVE-2019-12105
-	RESERVED
+CVE-2019-12105 (In supervisord in Supervisor through 4.0.2, an unauthenticated user ca ...)
+	TODO: check
 CVE-2019-12104 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
 	NOT-FOR-US: TP-Link
 CVE-2019-12103 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
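Review bot: the new CVE-2019-12105 entry (supervisord in Supervisor through 4.0.2, unauthenticated user) should not be lumped in with the TP-Link entries that follow it; Supervisor is a general-purpose Python daemon rather than vendor firmware, so `TODO: check` here means a real package lookup. The neighbouring minissdpd entry shows the expected shape once triaged: a fixed version with a bug number, a per-suite line, and a `NOTE:` pointing at the upstream commit.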
@@ -14232,12 +14258,12 @@ CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in Wav
 	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
 	NOTE: https://github.com/dbry/WavPack/issues/67
 	NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
-CVE-2019-11497
-	RESERVED
-CVE-2019-11496
-	RESERVED
-CVE-2019-11495
-	RESERVED
+CVE-2019-11497 (An issue was discovered in Couchbase Server 5.0.0. When creating a new ...)
+	TODO: check
+CVE-2019-11496 (An issue was discovered in Couchbase Server 5.0.0. Editing bucket sett ...)
+	TODO: check
+CVE-2019-11495 (Couchbase Server 5.1.1 generates insufficiently random numbers. The pr ...)
+	TODO: check
 CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
 	- dovecot 1:2.3.4.1-5 (bug #928235)
 	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
@@ -14350,14 +14376,14 @@ CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows Faul
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-11468
 	RESERVED
-CVE-2019-11467
-	RESERVED
-CVE-2019-11466
-	RESERVED
-CVE-2019-11465
-	RESERVED
-CVE-2019-11464
-	RESERVED
+CVE-2019-11467 (An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON do ...)
+	TODO: check
+CVE-2019-11466 (An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Event ...)
+	TODO: check
+CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...)
+	TODO: check
+CVE-2019-11464 (An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http  ...)
+	TODO: check
 CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...)
 	- libarchive <not-affected> (Vulnerable code not present)
 	NOTE: Introduced in https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
@@ -17347,8 +17373,8 @@ CVE-2019-10258
 	RESERVED
 CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...)
 	NOT-FOR-US: Zucchetti HR Portal
-CVE-2019-10256
-	RESERVED
+CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions prior ...)
+	TODO: check
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
 	- jupyter-notebook 5.7.8-1 (bug #925939)
 	NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
@@ -30872,8 +30898,8 @@ CVE-2019-5505
 	RESERVED
 CVE-2019-5504
 	RESERVED
-CVE-2019-5503
-	RESERVED
+CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
+	TODO: check
 CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
 	NOT-FOR-US: Data ONTAP
 CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose  ...)
@@ -34100,8 +34126,8 @@ CVE-2019-3977
 	RESERVED
 CVE-2019-3976
 	RESERVED
-CVE-2019-3975
-	RESERVED
+CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows  ...)
+	TODO: check
 CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
 	NOT-FOR-US: Nessus
 CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
@@ -42583,8 +42609,8 @@ CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vul
 	NOT-FOR-US: Antiy-AVL ATool security management
 CVE-2019-1564
 	RESERVED
-CVE-2019-1563
-	RESERVED
+CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
+	TODO: check
 CVE-2019-1562
 	RESERVED
 CVE-2019-1561
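Review bot: the truncated description for CVE-2019-1563 ("In situations where an attacker receives automated notification of the ...") names no product, so this `TODO: check` cannot be resolved from the list alone. This identifier belongs to the same OpenSSL advisory batch as CVE-2019-1547 and CVE-2019-1549, which appear further down in this diff and were published on the same day as this commit (2019-09-10), so it should be triaged against the openssl source package rather than left beside the NOT-FOR-US vendor entries, with a `NOTE:` line referencing the upstream advisory.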
@@ -42622,12 +42648,12 @@ CVE-2019-1551
 	RESERVED
 CVE-2019-1550
 	RESERVED
-CVE-2019-1549
-	RESERVED
+CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...)
+	TODO: check
 CVE-2019-1548
 	RESERVED
-CVE-2019-1547
-	RESERVED
+CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
+	TODO: check
 CVE-2019-1546
 	RESERVED
 CVE-2019-1545
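Review bot: both OpenSSL entries in this hunk (CVE-2019-1549, the rewritten RNG; CVE-2019-1547, EC group co-factor handling) are core-library issues and should be the first `TODO: check` items from this update to be triaged. The description of CVE-2019-1549 itself says the RNG in question was introduced in OpenSSL 1.1.1, so the per-suite lines will differ depending on which suites ship 1.1.1 versus an earlier branch; the `[suite] - package <not-affected> (reason)` form used for libcommons-compress-java and dovecot elsewhere in this diff is the right way to record that distinction.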
@@ -45252,34 +45278,34 @@ CVE-2019-0367
 	RESERVED
 CVE-2019-0366
 	RESERVED
-CVE-2019-0365
-	RESERVED
-CVE-2019-0364
-	RESERVED
-CVE-2019-0363
-	RESERVED
+CVE-2019-0365 (SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7. ...)
+	TODO: check
+CVE-2019-0364 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
+	TODO: check
+CVE-2019-0363 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
+	TODO: check
 CVE-2019-0362
 	RESERVED
-CVE-2019-0361
-	RESERVED
+CVE-2019-0361 (SAP Supplier Relationship Management (Master Data Management Catalog - ...)
+	TODO: check
 CVE-2019-0360
 	RESERVED
 CVE-2019-0359
 	RESERVED
 CVE-2019-0358
 	RESERVED
-CVE-2019-0357
-	RESERVED
-CVE-2019-0356
-	RESERVED
-CVE-2019-0355
-	RESERVED
+CVE-2019-0357 (The administrator of SAP HANA database, before versions 1.0 and 2.0, c ...)
+	TODO: check
+CVE-2019-0356 (Under certain conditions SAP NetWeaver Process Integration Runtime Wor ...)
+	TODO: check
+CVE-2019-0355 (SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before ...)
+	TODO: check
 CVE-2019-0354
 	RESERVED
-CVE-2019-0353
-	RESERVED
-CVE-2019-0352
-	RESERVED
+CVE-2019-0353 (Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO ...)
+	TODO: check
+CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before version ...)
+	TODO: check
 CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
 	NOT-FOR-US: SAP
 CVE-2019-0350
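Review bot: the ten CVE-2019-03xx entries that gained descriptions in this hunk are all SAP products (SAP Kernel, SAP HANA, SAP NetWeaver, SAP Supplier Relationship Management, SAP Business One, SAP Business Objects). CVE-2019-0351 at the bottom of the same hunk is already recorded as `NOT-FOR-US: SAP`, so these `TODO: check` markers can almost certainly be closed the same way in a single follow-up commit.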



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d02ecbe1ef2dd8248c7507be2dc081a544365377


