Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d0e50d8 by security tracker role at 2019-08-30T20:10:21Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,65 +1,71 @@ -CVE-2019-15842 +CVE-2019-15845 RESERVED -CVE-2019-15841 +CVE-2019-15844 RESERVED -CVE-2019-15840 - RESERVED -CVE-2019-15839 - RESERVED -CVE-2019-15838 - RESERVED -CVE-2019-15837 - RESERVED -CVE-2019-15836 - RESERVED -CVE-2019-15835 - RESERVED -CVE-2019-15834 - RESERVED -CVE-2019-15833 - RESERVED -CVE-2019-15832 - RESERVED -CVE-2019-15831 - RESERVED -CVE-2019-15830 - RESERVED -CVE-2019-15829 - RESERVED -CVE-2019-15828 - RESERVED -CVE-2019-15827 - RESERVED -CVE-2019-15826 - RESERVED -CVE-2019-15825 - RESERVED -CVE-2019-15824 - RESERVED -CVE-2019-15823 - RESERVED -CVE-2019-15822 - RESERVED -CVE-2019-15821 - RESERVED -CVE-2019-15820 - RESERVED -CVE-2019-15819 - RESERVED -CVE-2019-15818 - RESERVED -CVE-2019-15817 - RESERVED -CVE-2019-15816 +CVE-2019-15843 RESERVED +CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress ...) + TODO: check +CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...) + TODO: check +CVE-2019-15840 (The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CS ...) + TODO: check +CVE-2019-15839 (The sina-extension-for-elementor plugin before 2.2.1 for WordPress has ...) + TODO: check +CVE-2019-15838 (The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS ...) + TODO: check +CVE-2019-15837 (The webp-express plugin before 0.14.8 for WordPress has stored XSS. ...) + TODO: check +CVE-2019-15836 (The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored X ...) + TODO: check +CVE-2019-15835 (The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. ...) + TODO: check +CVE-2019-15834 (The webp-converter-for-media plugin before 1.0.3 for WordPress has CSR ...) + TODO: check +CVE-2019-15833 (The simple-mail-address-encoder plugin before 1.7 for WordPress has re ...) + TODO: check +CVE-2019-15832 (The visitors-traffic-real-time-statistics plugin before 1.13 for WordP ...) 
+ TODO: check +CVE-2019-15831 (The visitors-traffic-real-time-statistics plugin before 1.12 for WordP ...) + TODO: check +CVE-2019-15830 (The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. ...) + TODO: check +CVE-2019-15829 (The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp ...) + TODO: check +CVE-2019-15828 (The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. ...) + TODO: check +CVE-2019-15827 (The onesignal-free-web-push-notifications plugin before 1.17.8 for Wor ...) + TODO: check +CVE-2019-15826 (The wps-hide-login plugin before 1.5.3 for WordPress has a protection ...) + TODO: check +CVE-2019-15825 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp& ...) + TODO: check +CVE-2019-15824 (The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash ...) + TODO: check +CVE-2019-15823 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=con ...) + TODO: check +CVE-2019-15822 (The wps-child-theme-generator plugin before 1.2 for WordPress has clas ...) + TODO: check +CVE-2019-15821 (The bold-page-builder plugin before 2.3.2 for WordPress has no protect ...) + TODO: check +CVE-2019-15820 (The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no ...) + TODO: check +CVE-2019-15819 (The nd-restaurant-reservations plugin before 1.5 for WordPress has no ...) + TODO: check +CVE-2019-15818 (The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for ...) + TODO: check +CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has XSS. ...) + TODO: check +CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...) + TODO: check CVE-2019-15815 RESERVED CVE-2019-15814 RESERVED CVE-2019-15813 RESERVED -CVE-2015-9380 - RESERVED +CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF. ...) 
+ TODO: check CVE-2019-15812 RESERVED CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...) @@ -555,8 +561,8 @@ CVE-2019-15632 RESERVED CVE-2019-15631 RESERVED -CVE-2019-15630 - RESERVED +CVE-2019-15630 (Directory Traversal in APIkit, http-connector, and OAuth2 Provider mod ...) + TODO: check CVE-2019-15629 RESERVED CVE-2019-15628 @@ -2278,8 +2284,8 @@ CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could NOT-FOR-US: Joomla! CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...) TODO: check -CVE-2019-15026 - RESERVED +CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer ...) + TODO: check CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...) NOT-FOR-US: ninja-forms plugin for WordPress CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...) @@ -3814,6 +3820,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c CVE-2019-14467 RESERVED CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.] + RESERVED - gosa <unfixed> NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix) NOTE: https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit) 
@@ -9623,8 +9630,8 @@ CVE-2019-12812 RESERVED CVE-2019-12811 RESERVED -CVE-2019-12810 - RESERVED +CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...) + TODO: check CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...) NOT-FOR-US: Yes24ViewerX ActiveX Control CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) @@ -38501,10 +38508,10 @@ CVE-2019-2392 RESERVED CVE-2019-2391 RESERVED -CVE-2019-2390 - RESERVED -CVE-2019-2389 - RESERVED +CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...) + TODO: check +CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...) + TODO: check CVE-2019-2388 RESERVED CVE-2019-2387 @@ -63108,23 +63115,23 @@ CVE-2018-12442 CVE-2018-12441 (The CorsairService Service in Corsair Utility Engine is installed with ...) NOT-FOR-US: Corsair CVE-2017-18341 - RESERVED + REJECTED CVE-2017-18340 - RESERVED + REJECTED CVE-2017-18339 - RESERVED + REJECTED CVE-2017-18338 - RESERVED + REJECTED CVE-2017-18337 - RESERVED + REJECTED CVE-2017-18336 - RESERVED + REJECTED CVE-2017-18335 - RESERVED + REJECTED CVE-2017-18334 - RESERVED + REJECTED CVE-2017-18333 - RESERVED + REJECTED CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or reconfig ...) NOT-FOR-US: Qualcomm components for Android CVE-2017-18331 (Improper access control on secure display buffers in snapdragon automo ...) @@ -63140,7 +63147,7 @@ CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or re CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon m ...) NOT-FOR-US: snapdragon CVE-2017-18325 - RESERVED + REJECTED CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in snapdra ...) NOT-FOR-US: snapdragon CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in sna ...) 
@@ -64539,7 +64546,7 @@ CVE-2018-11991 CVE-2018-11990 RESERVED CVE-2018-11989 - RESERVED + REJECTED CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -64564,25 +64571,25 @@ CVE-2018-11980 CVE-2018-11979 RESERVED CVE-2018-11978 - RESERVED + REJECTED CVE-2018-11977 - RESERVED + REJECTED CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to non-secur ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11975 - RESERVED + REJECTED CVE-2018-11974 - RESERVED + REJECTED CVE-2018-11973 - RESERVED + REJECTED CVE-2018-11972 - RESERVED + REJECTED CVE-2018-11971 (Interrupt exit code flow may undermine access control policy set forth ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snapdragon ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11969 - RESERVED + REJECTED CVE-2018-11968 (Improper check before assigning value can lead to integer overflow in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11967 (Signature verification of the skel library could potentially be disabl ...) @@ -64602,7 +64609,7 @@ CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: CodeAurora components for Android CVE-2018-11959 - RESERVED + REJECTED CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11957 
@@ -64639,7 +64646,7 @@ CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...) NOT-FOR-US: Snapdragon CVE-2018-11941 - RESERVED + REJECTED CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan requests at ...) @@ -64655,7 +64662,7 @@ CVE-2018-11935 (Improper input validation might result in incorrect app id retur CVE-2018-11934 (Possible out of bounds write due to improper input validation while pr ...) NOT-FOR-US: Snapdragon CVE-2018-11933 - RESERVED + REJECTED CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ i ...) @@ -64871,7 +64878,7 @@ CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QR CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11825 - RESERVED + REJECTED CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in Snapd ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) @@ -111695,7 +111702,7 @@ CVE-2016-10502 (While generating trusted application id, An integer overflow can CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10500 - RESERVED + REJECTED CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
@@ -111719,7 +111726,7 @@ CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10488 - RESERVED + REJECTED CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -111755,21 +111762,21 @@ CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10470 - RESERVED + REJECTED CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10468 - RESERVED + REJECTED CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10465 - RESERVED + REJECTED CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10463 - RESERVED + REJECTED CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
@@ -111789,7 +111796,7 @@ CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10453 - RESERVED + REJECTED CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -111869,7 +111876,7 @@ CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10413 - RESERVED + REJECTED CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -112134,7 +112141,7 @@ CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Q CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9992 - RESERVED + REJECTED CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
@@ -112154,9 +112161,9 @@ CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-10061 - RESERVED + REJECTED CVE-2014-10060 - RESERVED + REJECTED CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -112178,7 +112185,7 @@ CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-10049 - RESERVED + REJECTED CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) @@ -122792,7 +122799,7 @@ CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.2 NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f CVE-2014-9982 - RESERVED + REJECTED CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d0e50d8338622eca10e20708e0b55d5efa308f4
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
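Review bot: In the first hunk (@@ -1,65 +1,71 @@), every entry that gains a description, from CVE-2019-15842 down to CVE-2019-15816 plus CVE-2015-9380, is a WordPress plugin issue left at "TODO: check". The same file already triages this class as "NOT-FOR-US: ninja-forms plugin for WordPress" (CVE-2019-15025, visible as context in the @@ -2278,8 +2284,8 @@ hunk), so the follow-up can close these in the same form, one "NOT-FOR-US: <plugin> plugin for WordPress" line per entry, once it is confirmed that none of the named plugins is packaged. The descriptions are cut at "...", so the four wps-hide-login entries (CVE-2019-15823 to CVE-2019-15826) and the two facebook-for-woocommerce entries need the full text read before they are annotated.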
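Review bot: CVE-2019-15026 in the @@ -2278,8 +2284,8 @@ hunk should not be swept up with the NOT-FOR-US entries around it. memcached is packaged in Debian, so the "TODO: check" here needs a real source-package line, in the form the file uses for "- gosa <unfixed>", and a check of which suites carry 1.5.16, the version the description names. The description limits the stack-based buffer issue to the case "when UNIX sockets are used"; that condition is worth recording in a NOTE line because it bears on severity triage.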
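Review bot: The "+ RESERVED" line added under CVE-2019-14466 in the @@ -3814,6 +3820,7 @@ hunk leaves that entry in a mixed state: it is now marked RESERVED while still carrying a bracketed hand-written description, "- gosa <unfixed>", and NOTE lines pointing at the upstream fix commits. The package tracking is untouched, so nothing needs changing by hand now, but the entry should be rechecked after the next automatic update to confirm the bracketed text is replaced by the published description rather than both being kept.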