Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e65f0bc2 by security tracker role at 2019-08-27T20:10:20Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,102 +1,194 @@ -CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...) - - linux 5.2.6-1 - [jessie] - linux 3.16.72-1 - NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427 -CVE-2019-15665 +CVE-2019-15712 RESERVED -CVE-2019-15664 +CVE-2019-15711 RESERVED -CVE-2019-15663 +CVE-2019-15710 RESERVED -CVE-2019-15662 +CVE-2019-15709 RESERVED -CVE-2019-15661 +CVE-2019-15708 RESERVED -CVE-2019-15660 +CVE-2019-15707 RESERVED -CVE-2019-15659 +CVE-2019-15706 RESERVED -CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...) +CVE-2019-15705 + RESERVED +CVE-2019-15704 + RESERVED +CVE-2019-15703 + RESERVED +CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...) TODO: check -CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...) +CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...) TODO: check -CVE-2019-15656 +CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...) + TODO: check +CVE-2019-15699 RESERVED -CVE-2019-15655 +CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...) + TODO: check +CVE-2019-15697 RESERVED -CVE-2019-15654 +CVE-2019-15696 RESERVED -CVE-2019-15653 +CVE-2019-15695 RESERVED -CVE-2019-15652 +CVE-2019-15694 RESERVED -CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...) 
- - wolfssl <unfixed> - NOTE: https://github.com/wolfSSL/wolfssl/issues/2421 -CVE-2019-15650 +CVE-2019-15693 RESERVED -CVE-2019-15649 +CVE-2019-15692 RESERVED -CVE-2019-15648 +CVE-2019-15691 RESERVED -CVE-2019-15647 +CVE-2019-15690 RESERVED -CVE-2019-15646 +CVE-2019-15689 RESERVED -CVE-2019-15645 +CVE-2019-15688 RESERVED -CVE-2019-15644 +CVE-2019-15687 RESERVED -CVE-2019-15643 +CVE-2019-15686 RESERVED -CVE-2018-21006 +CVE-2019-15685 RESERVED -CVE-2018-21005 +CVE-2019-15684 RESERVED -CVE-2018-21004 +CVE-2019-15683 RESERVED -CVE-2018-21003 +CVE-2019-15682 RESERVED -CVE-2018-21002 +CVE-2019-15681 RESERVED -CVE-2018-21001 +CVE-2019-15680 RESERVED -CVE-2017-18592 +CVE-2019-15679 RESERVED -CVE-2017-18591 +CVE-2019-15678 RESERVED -CVE-2017-18590 +CVE-2019-15677 RESERVED -CVE-2016-10936 +CVE-2019-15676 RESERVED -CVE-2016-10935 +CVE-2019-15675 RESERVED -CVE-2016-10934 +CVE-2019-15674 RESERVED -CVE-2015-9352 +CVE-2019-15673 RESERVED -CVE-2015-9351 +CVE-2019-15672 RESERVED -CVE-2015-9350 +CVE-2019-15671 + RESERVED +CVE-2019-15670 + RESERVED +CVE-2019-15669 + RESERVED +CVE-2019-15668 + RESERVED +CVE-2019-15667 + RESERVED +CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...) + - linux 5.2.6-1 + [jessie] - linux 3.16.72-1 + NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427 +CVE-2019-15665 RESERVED -CVE-2015-9349 +CVE-2019-15664 RESERVED -CVE-2015-9348 +CVE-2019-15663 RESERVED -CVE-2015-9347 +CVE-2019-15662 RESERVED -CVE-2015-9346 +CVE-2019-15661 RESERVED -CVE-2015-9345 +CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...) + TODO: check +CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...) + TODO: check +CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...) + TODO: check +CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...) 
+ TODO: check +CVE-2019-15656 RESERVED -CVE-2015-9344 +CVE-2019-15655 RESERVED -CVE-2015-9343 +CVE-2019-15654 RESERVED -CVE-2015-9342 +CVE-2019-15653 RESERVED -CVE-2014-10395 +CVE-2019-15652 RESERVED +CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...) + - wolfssl <unfixed> + NOTE: https://github.com/wolfSSL/wolfssl/issues/2421 +CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...) + TODO: check +CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...) + TODO: check +CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...) + TODO: check +CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...) + TODO: check +CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...) + TODO: check +CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...) + TODO: check +CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...) + TODO: check +CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...) + TODO: check +CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...) + TODO: check +CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...) + TODO: check +CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...) + TODO: check +CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...) + TODO: check +CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...) + TODO: check +CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...) + TODO: check +CVE-2017-18592 (The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has ...) 
+ TODO: check +CVE-2017-18591 (The gd-rating-system plugin before 2.1 for WordPress has XSS in log.ph ...) + TODO: check +CVE-2017-18590 (The timesheet plugin before 0.1.5 for WordPress has multiple XSS issue ...) + TODO: check +CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...) + TODO: check +CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...) + TODO: check +CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...) + TODO: check +CVE-2015-9352 (The wp-polls plugin before 2.72 for WordPress has SQL injection. ...) + TODO: check +CVE-2015-9351 (The feed-them-social plugin before 1.7.0 for WordPress has possible sh ...) + TODO: check +CVE-2015-9350 (The feed-them-social plugin before 1.7.0 for WordPress has reflected X ...) + TODO: check +CVE-2015-9349 (The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has ref ...) + TODO: check +CVE-2015-9348 (The sell-downloads plugin before 1.0.8 for WordPress has insufficient ...) + TODO: check +CVE-2015-9347 (The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. ...) + TODO: check +CVE-2015-9346 (The cp-polls plugin before 1.0.5 for WordPress has XSS. ...) + TODO: check +CVE-2015-9345 (The link-log plugin before 2.0 for WordPress has HTTP Response Splitti ...) + TODO: check +CVE-2015-9344 (The link-log plugin before 2.1 for WordPress has SQL injection. ...) + TODO: check +CVE-2015-9343 (The wp-rollback plugin before 1.2.3 for WordPress has CSRF. ...) + TODO: check +CVE-2015-9342 (The wp-rollback plugin before 1.2.3 for WordPress has XSS. ...) + TODO: check +CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...) + TODO: check CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...) - webmin <removed> CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...) 
@@ -827,7 +919,7 @@ CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folde NOT-FOR-US: Valve Steam Client for Windows CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...) NOT-FOR-US: Valve Steam Client for Windows -CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS b ...) +CVE-2018-20986 (The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) ...) NOT-FOR-US: advanced-custom-fields plugin for WordPress CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...) NOT-FOR-US: wp-payeezy-pay plugin for WordPress @@ -4308,8 +4400,8 @@ CVE-2019-14316 RESERVED CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...) NOT-FOR-US: SunHater KCFinder -CVE-2019-14314 - RESERVED +CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...) + TODO: check CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...) NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...) 
@@ -7272,22 +7364,19 @@ CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js NOT-FOR-US: Trape CVE-2019-13487 RESERVED -CVE-2019-13486 - RESERVED +CVE-2019-13486 (In Xymon through 4.3.28, a stack-based buffer overflow exists in the s ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) [stretch] - xymon <no-dsa> (Minor issue) NOTE: https://lists.xymon.com/archive/2019-July/046570.html -CVE-2019-13485 - RESERVED +CVE-2019-13485 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) [stretch] - xymon <no-dsa> (Minor issue) NOTE: https://lists.xymon.com/archive/2019-July/046570.html -CVE-2019-13484 - RESERVED +CVE-2019-13484 (In Xymon through 4.3.28, a buffer overflow exists in the status-log vi ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) @@ -7366,8 +7455,7 @@ CVE-2019-13456 NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x) NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235 TODO: double check assessment and classification -CVE-2019-13455 - RESERVED +CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) 
@@ -7385,15 +7473,13 @@ CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed z [jessie] - zipios++ <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/ NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch -CVE-2019-13452 - RESERVED +CVE-2019-13452 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in rep ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) [stretch] - xymon <no-dsa> (Minor issue) NOTE: https://lists.xymon.com/archive/2019-July/046570.html -CVE-2019-13451 - RESERVED +CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in his ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) @@ -7841,15 +7927,13 @@ CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 co NOT-FOR-US: TRENDnet CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...) NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress -CVE-2019-13274 - RESERVED +CVE-2019-13274 (In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CG ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) [stretch] - xymon <no-dsa> (Minor issue) NOTE: https://lists.xymon.com/archive/2019-July/046570.html -CVE-2019-13273 - RESERVED +CVE-2019-13273 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in the ...) {DLA-1898-1} - xymon 4.3.29-1 [buster] - xymon <no-dsa> (Minor issue) 
@@ -7861,24 +7945,24 @@ CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace. NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1140671 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903 NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee -CVE-2019-13271 - RESERVED -CVE-2019-13270 - RESERVED -CVE-2019-13269 - RESERVED -CVE-2019-13268 - RESERVED -CVE-2019-13267 - RESERVED -CVE-2019-13266 - RESERVED -CVE-2019-13265 - RESERVED -CVE-2019-13264 - RESERVED -CVE-2019-13263 - RESERVED +CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...) + TODO: check +CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...) + TODO: check +CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...) + TODO: check +CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...) + TODO: check +CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...) + TODO: check +CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...) + TODO: check +CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...) + TODO: check +CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...) + TODO: check +CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...) + TODO: check CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...) NOT-FOR-US: XnView CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...) 
@@ -7935,14 +8019,14 @@ CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user pi NOTE: Only supported behind an authenticated HTTP zone CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...) NOT-FOR-US: Bento4 -CVE-2019-13237 - RESERVED -CVE-2019-13236 - RESERVED -CVE-2019-13235 - RESERVED -CVE-2019-13234 - RESERVED +CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...) + TODO: check +CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...) + TODO: check +CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...) + TODO: check +CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...) + TODO: check CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...) {DLA-1846-1} - unzip 6.0-24 (unimportant; bug #931433) @@ -12738,8 +12822,8 @@ CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An un - cakephp <not-affected> (Vulnerable code introduced in 3.0.0) NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e NOTE: https://github.com/cakephp/cakephp/pull/13153 -CVE-2019-11457 - RESERVED +CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...) + TODO: check CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...) NOT-FOR-US: Gila CMS CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...) 
@@ -18706,7 +18790,7 @@ CVE-2019-9571 RESERVED CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...) NOT-FOR-US: YzmCMS -CVE-2019-9569 (Buffer Overflow in dacterea in Delta Controls enteliBUS Manager V3.40_ ...) +CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...) TODO: check CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...) NOT-FOR-US: WordPress plugin forminator @@ -49338,7 +49422,7 @@ CVE-2018-17559 CVE-2018-17558 RESERVED CVE-2018-17557 - RESERVED + REJECTED CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...) NOT-FOR-US: MODX Revolution CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote at ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f0bc253ade2bdb7ac5c04839114a8cca3c0ff -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e65f0bc253ade2bdb7ac5c04839114a8cca3c0ff You're receiving this email because of your account on salsa.debian.org.
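Review bot: in the @@ -1,102 +1,194 @@ hunk, the newly described WordPress plugin entries (CVE-2019-15660 and CVE-2019-15659 down through the CVE-2018-2100x, CVE-2017-1859x, CVE-2016-1093x, CVE-2015-93xx and CVE-2014-10395 blocks: wp-members, pie-register, rsvpmaker, zoho-salesiq, bbp-move-topics, wp-polls and the rest) are all left at "TODO: check", while the rest of this file resolves that class of entry as "NOT-FOR-US: <name> plugin for WordPress" (see "NOT-FOR-US: wp-payeezy-pay plugin for WordPress" in the @@ -827 hunk), so a follow-up triage commit should move them to that form. The non-WordPress additions in the same hunk (CVE-2019-15702 RIOT gnrc_tcp, CVE-2019-15701 BloodHound, CVE-2019-15700 Frappe Framework, CVE-2019-15698 Octopus Deploy, and the npm entries CVE-2019-15658 connect-pg-simple and CVE-2019-15657 eslint-utils) need a check against the archive before getting the same treatment. The re-sorted CVE-2019-15666 (linux) and CVE-2019-15651 (wolfssl) blocks carry their package lines and NOTE URLs over unchanged, so nothing is lost in the move.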
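Review bot: in the @@ -4308,8 +4400,8 @@ hunk, CVE-2019-14314 (Imagely NextGEN Gallery plugin, SQL injection) gets "TODO: check" while the entry directly below it, CVE-2019-14313 (10Web Photo Gallery plugin, also SQL injection), already reads "NOT-FOR-US: 10Web Photo Gallery plugin for WordPress"; same class of issue, so the follow-up should be "NOT-FOR-US: Imagely NextGEN Gallery plugin for WordPress".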
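Review bot: in the @@ -7272,22 +7364,19 @@ hunk (and likewise in @@ -7366, @@ -7385 and @@ -7841), the Xymon entries CVE-2019-13486, -13485, -13484, -13455, -13452, -13451, -13274 and -13273 only gain their public descriptions; the lines "- xymon 4.3.29-1", "[buster] - xymon <no-dsa> (Minor issue)", "[stretch] - xymon <no-dsa> (Minor issue)" and the {DLA-1898-1} reference were already in place from the earlier triage, so no package state changes here. Since the descriptions now confirm these as buffer overflows (several stack-based) plus an XSS in the csvinfo CGI, it is worth re-confirming the "(Minor issue)" no-dsa rationale for buster and stretch against the upstream advisory in the NOTE (https://lists.xymon.com/archive/2019-July/046570.html) rather than carrying it forward unexamined.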
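Review bot: in the @@ -7861,24 +7945,24 @@ hunk, CVE-2019-13271 through CVE-2019-13263 describe "Insufficient Compartmentalization" in Edimax BR-6208AC, TP-Link Archer C3200/C2 and D-Link DIR-825AC consumer router firmware; the tracker treats vendor firmware as out of scope (compare "NOT-FOR-US: TRENDnet" for CVE-2019-13276 in the @@ -7841 hunk), so the nine "TODO: check" lines should resolve to NOT-FOR-US entries naming each vendor in the follow-up.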
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits