[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 26 09:10:30 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
371a76e8 by security tracker role at 2019-09-26T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2019-16902
+ RESERVED
+CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain ...)
+ TODO: check
+CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV sta ...)
+ TODO: check
+CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
+ TODO: check
+CVE-2019-16898
+ RESERVED
+CVE-2019-16897
+ RESERVED
+CVE-2019-16896
+ RESERVED
+CVE-2019-16895
+ RESERVED
+CVE-2019-16894
+ RESERVED
+CVE-2019-16893
+ RESERVED
+CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
+ TODO: check
+CVE-2019-16891
+ RESERVED
+CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
+ TODO: check
+CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
+ TODO: check
+CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
+ TODO: check
CVE-2019-16888
RESERVED
CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent ...)
@@ -45,86 +75,86 @@ CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi
NOT-FOR-US: HongCMS
CVE-2019-16866
RESERVED
-CVE-2015-9449
- RESERVED
-CVE-2015-9448
- RESERVED
-CVE-2015-9447
- RESERVED
-CVE-2015-9446
- RESERVED
-CVE-2015-9445
- RESERVED
-CVE-2015-9444
- RESERVED
-CVE-2015-9443
- RESERVED
-CVE-2015-9442
- RESERVED
-CVE-2015-9441
- RESERVED
-CVE-2015-9440
- RESERVED
-CVE-2015-9439
- RESERVED
-CVE-2015-9438
- RESERVED
-CVE-2015-9437
- RESERVED
-CVE-2015-9436
- RESERVED
-CVE-2015-9435
- RESERVED
-CVE-2015-9434
- RESERVED
-CVE-2015-9433
- RESERVED
-CVE-2015-9432
- RESERVED
-CVE-2015-9431
- RESERVED
-CVE-2015-9430
- RESERVED
-CVE-2015-9429
- RESERVED
-CVE-2015-9428
- RESERVED
-CVE-2015-9427
- RESERVED
-CVE-2015-9426
- RESERVED
-CVE-2015-9425
- RESERVED
-CVE-2015-9424
- RESERVED
-CVE-2015-9423
- RESERVED
-CVE-2015-9422
- RESERVED
-CVE-2015-9421
- RESERVED
-CVE-2015-9420
- RESERVED
-CVE-2015-9419
- RESERVED
-CVE-2015-9418
- RESERVED
-CVE-2015-9417
- RESERVED
-CVE-2015-9416
- RESERVED
-CVE-2015-9415
- RESERVED
-CVE-2015-9414
- RESERVED
-CVE-2015-9413
- RESERVED
-CVE-2015-9412
- RESERVED
-CVE-2015-9411
- RESERVED
-CVE-2015-9410
- RESERVED
+CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)
+ TODO: check
+CVE-2015-9448 (The sendpress plugin before 1.2 for WordPress has SQL Injection via th ...)
+ TODO: check
+CVE-2015-9447 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
+ TODO: check
+CVE-2015-9446 (The unite-gallery-lite plugin before 1.5 for WordPress has SQL injecti ...)
+ TODO: check
+CVE-2015-9445 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
+ TODO: check
+CVE-2015-9444 (The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-conten ...)
+ TODO: check
+CVE-2015-9443 (The accurate-form-data-real-time-form-validation plugin 1.2 for WordPr ...)
+ TODO: check
+CVE-2015-9442 (The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with r ...)
+ TODO: check
+CVE-2015-9441 (The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS ...)
+ TODO: check
+CVE-2015-9440 (The monetize plugin through 1.03 for WordPress has CSRF with resultant ...)
+ TODO: check
+CVE-2015-9439 (The addthis plugin before 5.0.13 for WordPress has CSRF with resultant ...)
+ TODO: check
+CVE-2015-9438 (The display-widgets plugin before 2.04 for WordPress has XSS via the w ...)
+ TODO: check
+CVE-2015-9437 (The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with r ...)
+ TODO: check
+CVE-2015-9436 (The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the ...)
+ TODO: check
+CVE-2015-9435 (The oauth2-provider plugin before 3.1.5 for WordPress has incorrect ge ...)
+ TODO: check
+CVE-2015-9434 (The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with ...)
+ TODO: check
+CVE-2015-9433 (The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has ...)
+ TODO: check
+CVE-2015-9432 (The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPres ...)
+ TODO: check
+CVE-2015-9431 (The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resul ...)
+ TODO: check
+CVE-2015-9430 (The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User- ...)
+ TODO: check
+CVE-2015-9429 (The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF w ...)
+ TODO: check
+CVE-2015-9428 (The wplegalpages plugin before 1.1 for WordPress has CSRF with resulta ...)
+ TODO: check
+CVE-2015-9427 (The googmonify plugin through 0.5.1 for WordPress has CSRF with result ...)
+ TODO: check
+CVE-2015-9426 (The manual-image-crop plugin before 1.11 for WordPress has CSRF with r ...)
+ TODO: check
+CVE-2015-9425 (The social-locker plugin before 4.2.5 for WordPress has CSRF with resu ...)
+ TODO: check
+CVE-2015-9424 (The multicons plugin before 3.0 for WordPress has CSRF with resultant ...)
+ TODO: check
+CVE-2015-9423 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XS ...)
+ TODO: check
+CVE-2015-9422 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CS ...)
+ TODO: check
+CVE-2015-9421 (The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF wi ...)
+ TODO: check
+CVE-2015-9420 (The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via t ...)
+ TODO: check
+CVE-2015-9419 (The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or C ...)
+ TODO: check
+CVE-2015-9418 (The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows ...)
+ TODO: check
+CVE-2015-9417 (The testimonial-slider plugin through 1.2.1 for WordPress has CSRF wit ...)
+ TODO: check
+CVE-2015-9416 (The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPr ...)
+ TODO: check
+CVE-2015-9415 (The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclu ...)
+ TODO: check
+CVE-2015-9414 (The wp-symposium plugin through 15.8.1 for WordPress has XSS via the w ...)
+ TODO: check
+CVE-2015-9413 (The eshop plugin through 6.3.13 for WordPress has CSRF with resultant ...)
+ TODO: check
+CVE-2015-9412 (The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rst ...)
+ TODO: check
+CVE-2015-9411 (The Postmatic plugin before 1.4.6 for WordPress has XSS. ...)
+ TODO: check
+CVE-2015-9410 (The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS v ...)
+ TODO: check
CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16865
@@ -380,8 +410,8 @@ CVE-2019-16740
RESERVED
CVE-2019-16739
RESERVED
-CVE-2019-16738
- RESERVED
+CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...)
+ TODO: check
CVE-2019-16737
RESERVED
CVE-2019-16736
@@ -1689,8 +1719,8 @@ CVE-2019-16255
RESERVED
CVE-2019-16254
RESERVED
-CVE-2019-16253
- RESERVED
+CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
+ TODO: check
CVE-2019-16252
RESERVED
CVE-2019-16251
@@ -2487,8 +2517,8 @@ CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
- ffmpeg <not-affected> (Only affects 4.2)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
-CVE-2019-15941 [oidc authorization codes are not tied to their RP]
- RESERVED
+CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...)
+ {DSA-4533-1}
- lemonldap-ng 2.0.6+ds-1
[stretch] - lemonldap-ng <ignored> (Restrictions on OIDC federation added in 2.0)
[jessie] - lemonldap-ng <not-affected> (Vulnerable code introduced later)
@@ -6287,8 +6317,8 @@ CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues
NOT-FOR-US: Firefly
CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
NOT-FOR-US: 6kbbs
-CVE-2019-14666
- RESERVED
+CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...)
+ TODO: check
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
- brandy <unfixed> (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/8/
@@ -12943,8 +12973,8 @@ CVE-2019-12719
RESERVED
CVE-2019-12718
RESERVED
-CVE-2019-12717
- RESERVED
+CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
+ TODO: check
CVE-2019-12716
RESERVED
CVE-2019-12715
@@ -12959,8 +12989,8 @@ CVE-2019-12711
RESERVED
CVE-2019-12710
RESERVED
-CVE-2019-12709
- RESERVED
+CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
+ TODO: check
CVE-2019-12708
RESERVED
CVE-2019-12707
@@ -13033,60 +13063,60 @@ CVE-2019-12674
RESERVED
CVE-2019-12673
RESERVED
-CVE-2019-12672
- RESERVED
-CVE-2019-12671
- RESERVED
-CVE-2019-12670
- RESERVED
-CVE-2019-12669
- RESERVED
-CVE-2019-12668
- RESERVED
-CVE-2019-12667
- RESERVED
-CVE-2019-12666
- RESERVED
-CVE-2019-12665
- RESERVED
-CVE-2019-12664
- RESERVED
-CVE-2019-12663
- RESERVED
-CVE-2019-12662
- RESERVED
-CVE-2019-12661
- RESERVED
-CVE-2019-12660
- RESERVED
-CVE-2019-12659
- RESERVED
-CVE-2019-12658
- RESERVED
-CVE-2019-12657
- RESERVED
-CVE-2019-12656
- RESERVED
-CVE-2019-12655
- RESERVED
-CVE-2019-12654
- RESERVED
-CVE-2019-12653
- RESERVED
-CVE-2019-12652
- RESERVED
-CVE-2019-12651
- RESERVED
-CVE-2019-12650
- RESERVED
-CVE-2019-12649
- RESERVED
-CVE-2019-12648
- RESERVED
-CVE-2019-12647
- RESERVED
-CVE-2019-12646
- RESERVED
+CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
+ TODO: check
+CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+ TODO: check
+CVE-2019-12670 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
+ TODO: check
+CVE-2019-12669 (A vulnerability in the RADIUS Change of Authorization (CoA) code of Ci ...)
+ TODO: check
+CVE-2019-12668 (A vulnerability in the web framework code of Cisco IOS and Cisco IOS X ...)
+ TODO: check
+CVE-2019-12667 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
+ TODO: check
+CVE-2019-12666 (A vulnerability in the Guest Shell of Cisco IOS XE Software could allo ...)
+ TODO: check
+CVE-2019-12665 (A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Sof ...)
+ TODO: check
+CVE-2019-12664 (A vulnerability in the Dialer interface feature for ISDN connections i ...)
+ TODO: check
+CVE-2019-12663 (A vulnerability in the Cisco TrustSec (CTS) Protected Access Credentia ...)
+ TODO: check
+CVE-2019-12662 (A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software coul ...)
+ TODO: check
+CVE-2019-12661 (A vulnerability in a Virtualization Manager (VMAN) related CLI command ...)
+ TODO: check
+CVE-2019-12660 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+ TODO: check
+CVE-2019-12659 (A vulnerability in the HTTP server code of Cisco IOS XE Software could ...)
+ TODO: check
+CVE-2019-12658 (A vulnerability in the filesystem resource management code of Cisco IO ...)
+ TODO: check
+CVE-2019-12657 (A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Softwa ...)
+ TODO: check
+CVE-2019-12656 (A vulnerability in the IOx application environment of multiple Cisco p ...)
+ TODO: check
+CVE-2019-12655 (A vulnerability in the FTP application layer gateway (ALG) functionali ...)
+ TODO: check
+CVE-2019-12654 (A vulnerability in the common Session Initiation Protocol (SIP) librar ...)
+ TODO: check
+CVE-2019-12653 (A vulnerability in the Raw Socket Transport feature of Cisco IOS XE So ...)
+ TODO: check
+CVE-2019-12652 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
+ TODO: check
+CVE-2019-12651 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
+ TODO: check
+CVE-2019-12650 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
+ TODO: check
+CVE-2019-12649 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
+ TODO: check
+CVE-2019-12648 (A vulnerability in the IOx application environment for Cisco IOS Softw ...)
+ TODO: check
+CVE-2019-12647 (A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE ...)
+ TODO: check
+CVE-2019-12646 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
+ TODO: check
CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
NOT-FOR-US: Cisco
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -32981,6 +33011,7 @@ CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
+ {DLA-1933-1}
- rexical <unfixed> (bug #940905)
[buster] - rexical <no-dsa> (Minor issue, can be fixed via point release)
[stretch] - rexical <no-dsa> (Minor issue, can be fixed via point release)
@@ -34969,8 +35000,8 @@ CVE-2019-4573
RESERVED
CVE-2019-4572
RESERVED
-CVE-2019-4571
- RESERVED
+CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
+ TODO: check
CVE-2019-4570
RESERVED
CVE-2019-4569
@@ -52793,7 +52824,8 @@ CVE-2015-9267 (Nullsoft Scriptable Install System (NSIS) before 2.49 uses tempor
{DLA-1602-1}
- nsis 2.50-1
NOTE: https://sourceforge.net/p/nsis/bugs/1125/
-CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $ ...)
+CVE-2018-17793
+ REJECTED
- python-virtualenv <unfixed> (unimportant)
NOTE: https://github.com/pypa/virtualenv/issues/1207
NOTE: No real security impact. 3rd party requested CVE rejection
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/371a76e86b715c3d0cd79bce75819c5b27e75cc8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/371a76e86b715c3d0cd79bce75819c5b27e75cc8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190926/113aa51f/attachment.html>
More information about the debian-security-tracker-commits
mailing list