[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 17 21:10:38 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8cc6fa63 by security tracker role at 2019-09-17T20:10:27Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2019-16390
+ RESERVED
+CVE-2019-16389
+ RESERVED
+CVE-2019-16388
+ RESERVED
+CVE-2019-16387
+ RESERVED
+CVE-2019-16386
+ RESERVED
+CVE-2019-16385
+ RESERVED
+CVE-2019-16384
+ RESERVED
+CVE-2019-16383
+ RESERVED
+CVE-2019-16382
+ RESERVED
+CVE-2019-16381
+ RESERVED
+CVE-2019-16380
+ RESERVED
+CVE-2019-16379
+ RESERVED
+CVE-2016-10995
+ RESERVED
+CVE-2016-10994
+ RESERVED
+CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...)
+ TODO: check
+CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...)
+ TODO: check
+CVE-2016-10991 (The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclu ...)
+ TODO: check
+CVE-2016-10990 (The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwar ...)
+ TODO: check
+CVE-2016-10989 (The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?p ...)
+ TODO: check
+CVE-2016-10988 (The leenkme plugin before 2.6.0 for WordPress has stored XSS via faceb ...)
+ TODO: check
+CVE-2016-10987 (The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_s ...)
+ TODO: check
+CVE-2016-10986 (The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consum ...)
+ TODO: check
+CVE-2016-10985 (The echosign plugin before 1.2 for WordPress has XSS via the templates ...)
+ TODO: check
+CVE-2016-10984 (The echosign plugin before 1.2 for WordPress has XSS via the inc.php p ...)
+ TODO: check
+CVE-2016-10983 (The ghost plugin before 0.5.6 for WordPress has no access control for ...)
+ TODO: check
+CVE-2016-10982 (The kento-post-view-counter plugin through 2.8 for WordPress has wp-ad ...)
+ TODO: check
+CVE-2016-10981 (The kento-post-view-counter plugin through 2.8 for WordPress has store ...)
+ TODO: check
+CVE-2016-10980 (The kento-post-view-counter plugin through 2.8 for WordPress has XSS v ...)
+ TODO: check
+CVE-2016-10979 (The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. ...)
+ TODO: check
+CVE-2016-10978 (The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2016-10977 (The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=.. ...)
+ TODO: check
+CVE-2016-10976 (The safe-editor plugin before 1.2 for WordPress has no se_save authent ...)
+ TODO: check
+CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has r ...)
+ TODO: check
+CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
+ TODO: check
CVE-2019-16377
RESERVED
CVE-2019-16376
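Review bot: The twenty entries from CVE-2016-10993 down to CVE-2016-10974 all land as "TODO: check", and every one describes a third-party WordPress plugin or theme rather than WordPress itself. They should be triaged in one pass, each becoming either a "NOT-FOR-US: <product>" line in the form used elsewhere in this file or a package line if the plugin is shipped in Debian, so they do not sit in the TODO queue as twenty separate items.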
@@ -412,9 +480,9 @@ CVE-2019-16241
RESERVED
CVE-2019-16240
RESERVED
-CVE-2019-16239
- RESERVED
-CVE-2019-16378 [signature bypass with multiple From addresses]
+CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
+ TODO: check
+CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...)
- opendmarc 1.3.2-7 (bug #940081)
NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48
CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...)
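Review bot: CVE-2019-16239 is left at "TODO: check" although its description names OpenConnect before 8.05, while the CVE-2019-16378 entry directly below it keeps its package line and bug reference. If openconnect is the affected source package, replace the TODO with a "- openconnect" line carrying the first version that contains 8.05, or "<unfixed>" until that is known.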
@@ -1700,8 +1768,7 @@ CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise Editi
[experimental] - gitlab 12.0.8-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
-CVE-2019-15729 [Pipeline Status Disclosure]
- RESERVED
+CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
[experimental] - gitlab 12.0.8-1
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
@@ -3464,8 +3531,8 @@ CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login r
[stretch] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <postponed> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-16532
-CVE-2019-15131
- RESERVED
+CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...)
+ TODO: check
CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
@@ -4423,8 +4490,7 @@ CVE-2019-14837
RESERVED
CVE-2019-14836
RESERVED
-CVE-2019-14835 [QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow]
- RESERVED
+CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1
NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4
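Review bot: CVE-2019-14835 still reads "- linux <unfixed>" although the second NOTE already points at the upstream fix commit 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4. The description now gives the affected range as 2.6.34 to 5.2.x, so the entry needs a fixed version as soon as an upload carrying that commit exists, and the "<unfixed>" marker should not outlive it.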
@@ -4444,8 +4510,7 @@ CVE-2019-14828
RESERVED
CVE-2019-14827
RESERVED
-CVE-2019-14826 [Session not terminated after logout]
- RESERVED
+CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...)
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944
NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c
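Review bot: The new description for CVE-2019-14826 limits the flaw to FreeIPA 4.5.0 and later and the NOTE names the introducing commit, but the entry has only the blanket "- freeipa <unfixed>" line. Any suite whose freeipa predates that commit should get its own line in the "[suite] - freeipa <not-affected> (Vulnerable code not present)" form used for libraw further down in this file.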
@@ -9260,16 +9325,16 @@ CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple ou
NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13543
RESERVED
-CVE-2019-13542
- RESERVED
+CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
+ TODO: check
CVE-2019-13541
RESERVED
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13539
RESERVED
-CVE-2019-13538
- RESERVED
+CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
+ TODO: check
CVE-2019-13537
RESERVED
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
@@ -11431,8 +11496,8 @@ CVE-2019-12757
RESERVED
CVE-2019-12756
RESERVED
-CVE-2019-12755
- RESERVED
+CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...)
+ TODO: check
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
NOT-FOR-US: Symantec My VIP portal
CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
@@ -14378,12 +14443,12 @@ CVE-2019-11669 (Modifiable read only check box In Micro Focus Service Manager, v
NOT-FOR-US: Micro Focus
CVE-2019-11668 (HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, ...)
NOT-FOR-US: Micro Focus
-CVE-2019-11667
- RESERVED
-CVE-2019-11666
- RESERVED
-CVE-2019-11665
- RESERVED
+CVE-2019-11667 (Unauthorized access to contact information in Micro Focus Service Mana ...)
+ TODO: check
+CVE-2019-11666 (Insecure deserialization of untrusted data in Micro Focus Service Mana ...)
+ TODO: check
+CVE-2019-11665 (Data exposure in Micro Focus Service Manager product versions 9.30, 9. ...)
+ TODO: check
CVE-2019-11664
RESERVED
CVE-2019-11663
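Review bot: CVE-2019-11667, CVE-2019-11666 and CVE-2019-11665 are added as "TODO: check" while the two context entries directly above them, CVE-2019-11669 and CVE-2019-11668, are already "NOT-FOR-US: Micro Focus". All three new descriptions name Micro Focus Service Manager, so the same "NOT-FOR-US: Micro Focus" line should apply once a reviewer confirms it.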
@@ -14674,8 +14739,8 @@ CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to
NOT-FOR-US: Chuango
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
NOT-FOR-US: hisilicon
-CVE-2019-11559
- RESERVED
+CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...)
+ TODO: check
CVE-2019-11558
RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...)
@@ -20661,8 +20726,8 @@ CVE-2019-9683
RESERVED
CVE-2019-9682
RESERVED
-CVE-2019-9681
- RESERVED
+CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
+ TODO: check
CVE-2019-9680
RESERVED
CVE-2019-9679
@@ -22594,10 +22659,10 @@ CVE-2019-9011
RESERVED
CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
NOT-FOR-US: 3S-Smart CODESYS V3
-CVE-2019-9009
- RESERVED
-CVE-2019-9008
- RESERVED
+CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted ...)
+ TODO: check
+CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...)
+ TODO: check
CVE-2019-9007
RESERVED
CVE-2019-9006
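Review bot: CVE-2019-9009 and CVE-2019-9008 come in as "TODO: check" although CVE-2019-9010, the context entry just above, is marked "NOT-FOR-US: 3S-Smart CODESYS V3". Both new descriptions name 3S-Smart CODESYS, so they should take the same marking as CVE-2019-9010 unless the check finds a reason to treat them differently.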
@@ -33729,8 +33794,8 @@ CVE-2019-4479
RESERVED
CVE-2019-4478
RESERVED
-CVE-2019-4477
- RESERVED
+CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2019-4476
RESERVED
CVE-2019-4475
@@ -33799,8 +33864,8 @@ CVE-2019-4444
RESERVED
CVE-2019-4443
RESERVED
-CVE-2019-4442
- RESERVED
+CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a ...)
+ TODO: check
CVE-2019-4441
RESERVED
CVE-2019-4440
@@ -33999,8 +34064,8 @@ CVE-2019-4344
RESERVED
CVE-2019-4343
RESERVED
-CVE-2019-4342
- RESERVED
+CVE-2019-4342 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+ TODO: check
CVE-2019-4341
RESERVED
CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...)
@@ -34141,14 +34206,14 @@ CVE-2019-4273
RESERVED
CVE-2019-4272
RESERVED
-CVE-2019-4271
- RESERVED
-CVE-2019-4270
- RESERVED
+CVE-2019-4271 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console ...)
+ TODO: check
+CVE-2019-4270 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...)
+ TODO: check
CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...)
NOT-FOR-US: IBM
-CVE-2019-4268
- RESERVED
+CVE-2019-4268 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...)
NOT-FOR-US: IBM
CVE-2019-4266
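Review bot: CVE-2019-4271, CVE-2019-4270 and CVE-2019-4268 are set to "TODO: check" on either side of CVE-2019-4269, which covers the same IBM WebSphere Application Server versions and is already "NOT-FOR-US: IBM". The three new entries should be resolved the same way as CVE-2019-4269 so the block is consistent.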
@@ -34317,8 +34382,8 @@ CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerabl
NOT-FOR-US: IBM
CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...)
NOT-FOR-US: IBM
-CVE-2019-4183
- RESERVED
+CVE-2019-4183 (IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of servi ...)
+ TODO: check
CVE-2019-4182
RESERVED
CVE-2019-4181
@@ -34333,16 +34398,16 @@ CVE-2019-4177 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0
NOT-FOR-US: IBM
CVE-2019-4176 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
NOT-FOR-US: IBM
-CVE-2019-4175
- RESERVED
+CVE-2019-4175 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker t ...)
+ TODO: check
CVE-2019-4174 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
NOT-FOR-US: IBM
CVE-2019-4173 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
NOT-FOR-US: IBM
CVE-2019-4172
RESERVED
-CVE-2019-4171
- RESERVED
+CVE-2019-4171 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set ...)
+ TODO: check
CVE-2019-4170
RESERVED
CVE-2019-4169 (IBM Open Power Firmware OP910 and OP920 could allow access to BMC via ...)
@@ -34511,8 +34576,8 @@ CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could
NOT-FOR-US: IBM
CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulner ...)
NOT-FOR-US: IBM
-CVE-2019-4086
- RESERVED
+CVE-2019-4086 (IBM Cloud Application Performance Management 8.1.4 could allow a remot ...)
+ TODO: check
CVE-2019-4085
RESERVED
CVE-2019-4084 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
@@ -37207,8 +37272,8 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu
[stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
-CVE-2018-20336
- RESERVED
+CVE-2018-20336 (An issue was discovered in Asuswrt-Merlin 384.6. There is a stack-base ...)
+ TODO: check
CVE-2018-20335
RESERVED
CVE-2018-20334
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8cc6fa637071ed9498a1ae1a8b9ce720856fc3ed