[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 18 21:10:33 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
938a1b94 by security tracker role at 2019-09-18T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-16404
+ RESERVED
+CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
+ TODO: check
+CVE-2019-16402
+ RESERVED
+CVE-2019-16401
+ RESERVED
+CVE-2019-16400
+ RESERVED
+CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
+ TODO: check
CVE-2019-16398
RESERVED
CVE-2019-16397
@@ -30,10 +42,10 @@ CVE-2019-16380
RESERVED
CVE-2019-16379
RESERVED
-CVE-2016-10995
- RESERVED
-CVE-2016-10994
- RESERVED
+CVE-2016-10995 (The Tevolution plugin before 2.3.0 for WordPress has arbitrary file up ...)
+ TODO: check
+CVE-2016-10994 (The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. ...)
+ TODO: check
CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...)
TODO: check
CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...)
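Review bot: CVE-2016-10995 and CVE-2016-10994 are left at "TODO: check" although their descriptions name a WordPress plugin and a WordPress theme (Tevolution, Truemag), not WordPress itself. Elsewhere in this file such entries are closed with a label of the form "NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress" (CVE-2019-15842). If neither is packaged, suggest resolving both the same way, along with the adjacent CVE-2016-10993, which is also still "TODO: check".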
@@ -585,10 +597,10 @@ CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45936
-CVE-2019-16216
- RESERVED
-CVE-2019-16215
- RESERVED
+CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
+ TODO: check
+CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a regular expres ...)
+ TODO: check
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
NOT-FOR-US: Libra
CVE-2019-16213
@@ -1523,8 +1535,8 @@ CVE-2019-15845
RESERVED
CVE-2019-15844
RESERVED
-CVE-2019-15843
- RESERVED
+CVE-2019-15843 (A malicious file upload vulnerability was discovered in Xiaomi Millet ...)
+ TODO: check
CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress ...)
NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress
CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...)
@@ -1645,7 +1657,7 @@ CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer overflow in the zpool p
NOT-FOR-US: libzetta-rs
CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large ...)
NOT-FOR-US: ROBOTIS Dynamixel SDK
-CVE-2019-15785 (FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs ...)
+CVE-2019-15785 (FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ...)
- fontforge <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/fontforge/fontforge/pull/3886
CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array ov ...)
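Review bot: The CVE-2019-15785 description now limits the affected range to FontForge 20190813 through 20190820, but the status line under it still reads "<not-affected> (Vulnerable code introduced later)" without naming a version. That status agrees with the narrowed range only while the packaged version predates 20190813. Suggest adding a NOTE that records the release or commit that introduced the code, so the entry is revisited when a newer upstream version is uploaded.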
@@ -4089,7 +4101,7 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, the
NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
-CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
+CVE-2019-14979 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
@@ -5550,8 +5562,8 @@ CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in
[stretch] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
-CVE-2019-14458
- RESERVED
+CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...)
+ TODO: check
CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a stack-base ...)
NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
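Review bot: CVE-2019-14458 is added as "TODO: check" while the next entry, CVE-2019-14457, has the same product prefix in its description (VIVOTEK IP Camera devices with firmware before 0x20x) and is already closed as "NOT-FOR-US: VIVOTEK IP Camera devices". Suggest reusing that exact label here so the two sibling entries stay consistent.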
@@ -6726,12 +6738,12 @@ CVE-2019-14256
RESERVED
CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo up to ve ...)
NOT-FOR-US: go-camo
-CVE-2019-14254
- RESERVED
-CVE-2019-14253
- RESERVED
-CVE-2019-14252
- RESERVED
+CVE-2019-14254 (An issue was discovered in the secure portal in Publisure 2.1.2. Becau ...)
+ TODO: check
+CVE-2019-14253 (An issue was discovered in servletcontroller in the secure portal in P ...)
+ TODO: check
+CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once ...)
+ TODO: check
CVE-2019-14251
RESERVED
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
@@ -11811,8 +11823,8 @@ CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenti
NOT-FOR-US: Cisco
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
NOT-FOR-US: Cisco
-CVE-2019-12620
- RESERVED
+CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...)
+ TODO: check
CVE-2019-12619
RESERVED
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
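Review bot: CVE-2019-12620 names Cisco HyperFlex Software in its description and is left at "TODO: check", while CVE-2019-12621 two entries above it, also Cisco HyperFlex Software, is "NOT-FOR-US: Cisco". Suggest closing the new entry with the same label.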
@@ -14015,7 +14027,7 @@ CVE-2019-11753
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11753
CVE-2019-11752
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14067,7 +14079,7 @@ CVE-2019-11747
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
CVE-2019-11746
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14079,7 +14091,7 @@ CVE-2019-11745
RESERVED
CVE-2019-11744
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14089,7 +14101,7 @@ CVE-2019-11744
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744
CVE-2019-11743
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14098,7 +14110,7 @@ CVE-2019-11743
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
CVE-2019-11742
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14112,7 +14124,7 @@ CVE-2019-11741
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
CVE-2019-11740
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14122,7 +14134,7 @@ CVE-2019-11740
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740
CVE-2019-11739
RESERVED
- {DSA-4523-1}
+ {DSA-4523-1 DLA-1926-1}
- thunderbird 1:60.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
CVE-2019-11738
@@ -20760,14 +20772,14 @@ CVE-2019-9682
RESERVED
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
TODO: check
-CVE-2019-9680
- RESERVED
-CVE-2019-9679
- RESERVED
-CVE-2019-9678
- RESERVED
-CVE-2019-9677
- RESERVED
+CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
+ TODO: check
+CVE-2019-9679 (Some of Dahua's Debug functions do not have permission separation. Low ...)
+ TODO: check
+CVE-2019-9678 (Some Dahua products have the problem of denial of service during the l ...)
+ TODO: check
+CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are not st ...)
+ TODO: check
CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera devices IP ...)
NOT-FOR-US: Dahua IP Camera devices
CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7. ...)
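Review bot: CVE-2019-9680 through CVE-2019-9677 all describe Dahua products and are left at "TODO: check", as is CVE-2019-9681 just above them, while CVE-2019-9676 directly below is closed as "NOT-FOR-US: Dahua IP Camera devices". Suggest triaging the five open Dahua entries in one pass. The existing label names IP cameras specifically, and the new descriptions say only "some Dahua products", so a more general "NOT-FOR-US: Dahua" may fit better than copying the label verbatim.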
@@ -26598,7 +26610,7 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit
NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
NOT-FOR-US: CyberArk Enterprise Password Vault
-CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
+CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
NOT-FOR-US: JioFi
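Review bot: CVE-2019-7441 shows the same description text as CVE-2019-14979 earlier in this diff (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout ..., both now marked ** DISPUTED **), but the two carry different labels: "NOT-FOR-US: WooCommerce" here and "NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress" there. Suggest using the longer label on both so that a search for the product name finds both entries.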
@@ -41673,8 +41685,8 @@ CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nex
NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the “plug-and-play” services co ...)
NOT-FOR-US: Cisco
-CVE-2019-1975
- RESERVED
+CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex Software ...)
+ TODO: check
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
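Review bot: CVE-2019-1975 is left at "TODO: check" although every neighbouring Cisco entry in the context (CVE-2019-1977, CVE-2019-1976, CVE-2019-1974) is "NOT-FOR-US: Cisco" and the new description names Cisco HyperFlex Software. Suggest the same label for this entry.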
@@ -95296,8 +95308,8 @@ CVE-2018-1849
RESERVED
CVE-2018-1848 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2018-1847
- RESERVED
+CVE-2018-1847 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0 ...)
+ TODO: check
CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 t ...)
NOT-FOR-US: IBM
CVE-2018-1845 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
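Review bot: CVE-2018-1847 describes IBM Financial Transaction Manager and is left at "TODO: check", while the IBM entries on either side of it (CVE-2018-1848, CVE-2018-1846) are "NOT-FOR-US: IBM". Suggest resolving it with the same label.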
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/938a1b94f1597cc710a81e8050c9dad6d5494a1d