Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9d0e50d8 by security tracker role at 2019-08-30T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,65 +1,71 @@
-CVE-2019-15842
+CVE-2019-15845
RESERVED
-CVE-2019-15841
+CVE-2019-15844
RESERVED
-CVE-2019-15840
- RESERVED
-CVE-2019-15839
- RESERVED
-CVE-2019-15838
- RESERVED
-CVE-2019-15837
- RESERVED
-CVE-2019-15836
- RESERVED
-CVE-2019-15835
- RESERVED
-CVE-2019-15834
- RESERVED
-CVE-2019-15833
- RESERVED
-CVE-2019-15832
- RESERVED
-CVE-2019-15831
- RESERVED
-CVE-2019-15830
- RESERVED
-CVE-2019-15829
- RESERVED
-CVE-2019-15828
- RESERVED
-CVE-2019-15827
- RESERVED
-CVE-2019-15826
- RESERVED
-CVE-2019-15825
- RESERVED
-CVE-2019-15824
- RESERVED
-CVE-2019-15823
- RESERVED
-CVE-2019-15822
- RESERVED
-CVE-2019-15821
- RESERVED
-CVE-2019-15820
- RESERVED
-CVE-2019-15819
- RESERVED
-CVE-2019-15818
- RESERVED
-CVE-2019-15817
- RESERVED
-CVE-2019-15816
+CVE-2019-15843
RESERVED
+CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for
WordPress ...)
+ TODO: check
+CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for
WordPress has CS ...)
+ TODO: check
+CVE-2019-15840 (The facebook-for-woocommerce plugin before 1.9.14 for
WordPress has CS ...)
+ TODO: check
+CVE-2019-15839 (The sina-extension-for-elementor plugin before 2.2.1 for
WordPress has ...)
+ TODO: check
+CVE-2019-15838 (The custom-404-pro plugin before 3.2.8 for WordPress has
reflected XSS ...)
+ TODO: check
+CVE-2019-15837 (The webp-express plugin before 0.14.8 for WordPress has stored
XSS. ...)
+ TODO: check
+CVE-2019-15836 (The wp-ultimate-recipe plugin before 3.12.7 for WordPress has
stored X ...)
+ TODO: check
+CVE-2019-15835 (The wp-better-permalinks plugin before 3.0.5 for WordPress has
CSRF. ...)
+ TODO: check
+CVE-2019-15834 (The webp-converter-for-media plugin before 1.0.3 for WordPress
has CSR ...)
+ TODO: check
+CVE-2019-15833 (The simple-mail-address-encoder plugin before 1.7 for
WordPress has re ...)
+ TODO: check
+CVE-2019-15832 (The visitors-traffic-real-time-statistics plugin before 1.13
for WordP ...)
+ TODO: check
+CVE-2019-15831 (The visitors-traffic-real-time-statistics plugin before 1.12
for WordP ...)
+ TODO: check
+CVE-2019-15830 (The icegram plugin before 1.10.29 for WordPress has
ig_cat_list XSS. ...)
+ TODO: check
+CVE-2019-15829 (The photoblocks-grid-gallery plugin before 1.1.33 for
WordPress has wp ...)
+ TODO: check
+CVE-2019-15828 (The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
...)
+ TODO: check
+CVE-2019-15827 (The onesignal-free-web-push-notifications plugin before 1.17.8
for Wor ...)
+ TODO: check
+CVE-2019-15826 (The wps-hide-login plugin before 1.5.3 for WordPress has a
protection ...)
+ TODO: check
+CVE-2019-15825 (The wps-hide-login plugin before 1.5.3 for WordPress has an
action=rp& ...)
+ TODO: check
+CVE-2019-15824 (The wps-hide-login plugin before 1.5.3 for WordPress has an
adminhash ...)
+ TODO: check
+CVE-2019-15823 (The wps-hide-login plugin before 1.5.3 for WordPress has an
action=con ...)
+ TODO: check
+CVE-2019-15822 (The wps-child-theme-generator plugin before 1.2 for WordPress
has clas ...)
+ TODO: check
+CVE-2019-15821 (The bold-page-builder plugin before 2.3.2 for WordPress has no
protect ...)
+ TODO: check
+CVE-2019-15820 (The login-or-logout-menu-item plugin before 1.2.0 for
WordPress has no ...)
+ TODO: check
+CVE-2019-15819 (The nd-restaurant-reservations plugin before 1.5 for WordPress
has no ...)
+ TODO: check
+CVE-2019-15818 (The simple-301-redirects-addon-bulk-uploader plugin through
1.2.4 for ...)
+ TODO: check
+CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has
XSS. ...)
+ TODO: check
+CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress
has no pro ...)
+ TODO: check
CVE-2019-15815
RESERVED
CVE-2019-15814
RESERVED
CVE-2019-15813
RESERVED
-CVE-2015-9380
- RESERVED
+CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
...)
+ TODO: check
CVE-2019-15812
RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file
reporti ...)
@@ -555,8 +561,8 @@ CVE-2019-15632
RESERVED
CVE-2019-15631
RESERVED
-CVE-2019-15630
- RESERVED
+CVE-2019-15630 (Directory Traversal in APIkit, http-connector, and OAuth2
Provider mod ...)
+ TODO: check
CVE-2019-15629
RESERVED
CVE-2019-15628
@@ -2278,8 +2284,8 @@ CVE-2019-15028 (In Joomla! before 3.9.11, inadequate
checks in com_contact could
NOT-FOR-US: Joomla!
CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for
Android on ...)
TODO: check
-CVE-2019-15026
- RESERVED
+CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a
stack-based buffer ...)
+ TODO: check
CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL
injection ...)
NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has
CSRF. ...)
@@ -3814,6 +3820,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in
cb_push_op in cobc/field.c
CVE-2019-14467
RESERVED
CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings
from a cookie. Since this cookie is supplied by the client, authenticated users
can pass arbitrary content to unserialized, which opens GOsa up to a potential
PHP object injection.]
+ RESERVED
- gosa <unfixed>
NOTE:
https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b
(fix)
NOTE:
https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a
(fixing the prev commit)
@@ -9623,8 +9630,8 @@ CVE-2019-12812
RESERVED
CVE-2019-12811
RESERVED
-CVE-2019-12810
- RESERVED
+CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing
functiona ...)
+ TODO: check
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier
versions contai ...)
NOT-FOR-US: Yes24ViewerX ActiveX Control
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a
local priv ...)
@@ -38501,10 +38508,10 @@ CVE-2019-2392
RESERVED
CVE-2019-2391
RESERVED
-CVE-2019-2390
- RESERVED
-CVE-2019-2389
- RESERVED
+CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can
create ...)
+ TODO: check
+CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's
packaged SysV ...)
+ TODO: check
CVE-2019-2388
RESERVED
CVE-2019-2387
@@ -63108,23 +63115,23 @@ CVE-2018-12442
CVE-2018-12441 (The CorsairService Service in Corsair Utility Engine is
installed with ...)
NOT-FOR-US: Corsair
CVE-2017-18341
- RESERVED
+ REJECTED
CVE-2017-18340
- RESERVED
+ REJECTED
CVE-2017-18339
- RESERVED
+ REJECTED
CVE-2017-18338
- RESERVED
+ REJECTED
CVE-2017-18337
- RESERVED
+ REJECTED
CVE-2017-18336
- RESERVED
+ REJECTED
CVE-2017-18335
- RESERVED
+ REJECTED
CVE-2017-18334
- RESERVED
+ REJECTED
CVE-2017-18333
- RESERVED
+ REJECTED
CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or
reconfig ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18331 (Improper access control on secure display buffers in
snapdragon automo ...)
@@ -63140,7 +63147,7 @@ CVE-2017-18327 (Security keys are logged when any WCDMA
call is configured or re
CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in
snapdragon m ...)
NOT-FOR-US: snapdragon
CVE-2017-18325
- RESERVED
+ REJECTED
CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in
snapdra ...)
NOT-FOR-US: snapdragon
CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug
messages in sna ...)
@@ -64539,7 +64546,7 @@ CVE-2018-11991
CVE-2018-11990
RESERVED
CVE-2018-11989
- RESERVED
+ REJECTED
CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
@@ -64564,25 +64571,25 @@ CVE-2018-11980
CVE-2018-11979
RESERVED
CVE-2018-11978
- RESERVED
+ REJECTED
CVE-2018-11977
- RESERVED
+ REJECTED
CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to
non-secur ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11975
- RESERVED
+ REJECTED
CVE-2018-11974
- RESERVED
+ REJECTED
CVE-2018-11973
- RESERVED
+ REJECTED
CVE-2018-11972
- RESERVED
+ REJECTED
CVE-2018-11971 (Interrupt exit code flow may undermine access control policy
set forth ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in
Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
- RESERVED
+ REJECTED
CVE-2018-11968 (Improper check before assigning value can lead to integer
overflow in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11967 (Signature verification of the skel library could potentially
be disabl ...)
@@ -64602,7 +64609,7 @@ CVE-2018-11961 (In all android releases(Android for
MSM, Firefox OS for MSM, QRD
CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
- RESERVED
+ REJECTED
CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to
gain access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
@@ -64639,7 +64646,7 @@ CVE-2018-11943 (In all android releases(Android for
MSM, Firefox OS for MSM, QRD
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the
firmwar ...)
NOT-FOR-US: Snapdragon
CVE-2018-11941
- RESERVED
+ REJECTED
CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function
can lead ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan
requests at ...)
@@ -64655,7 +64662,7 @@ CVE-2018-11935 (Improper input validation might result
in incorrect app id retur
CVE-2018-11934 (Possible out of bounds write due to improper input validation
while pr ...)
NOT-FOR-US: Snapdragon
CVE-2018-11933
- RESERVED
+ REJECTED
CVE-2018-11932 (Improper input validation can lead RW access to secure
subsystem from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11931 (Improper access to HLOS is possible while transferring memory
to CPZ i ...)
@@ -64871,7 +64878,7 @@ CVE-2018-11827 (In all android releases (Android for
MSM, Firefox OS for MSM, QR
CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM,
QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11825
- RESERVED
+ REJECTED
CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine
in Snapd ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM,
QRD Andro ...)
@@ -111695,7 +111702,7 @@ CVE-2016-10502 (While generating trusted application
id, An integer overflow can
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
- RESERVED
+ REJECTED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -111719,7 +111726,7 @@ CVE-2016-10490 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
- RESERVED
+ REJECTED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -111755,21 +111762,21 @@ CVE-2016-10472 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
- RESERVED
+ REJECTED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
- RESERVED
+ REJECTED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
- RESERVED
+ REJECTED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
- RESERVED
+ REJECTED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -111789,7 +111796,7 @@ CVE-2016-10455 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
- RESERVED
+ REJECTED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -111869,7 +111876,7 @@ CVE-2016-10415 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
- RESERVED
+ REJECTED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -112134,7 +112141,7 @@ CVE-2014-9994 (In Android before 2018-04-05 or
earlier security patch level on Q
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on
Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
- RESERVED
+ REJECTED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on
Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on
Qualco ...)
@@ -112154,9 +112161,9 @@ CVE-2014-10063 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
- RESERVED
+ REJECTED
CVE-2014-10060
- RESERVED
+ REJECTED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -112178,7 +112185,7 @@ CVE-2014-10051 (In Android before 2018-04-05 or
earlier security patch level on
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
- RESERVED
+ REJECTED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level
on Qualco ...)
@@ -122792,7 +122799,7 @@ CVE-2014-9984 (nscd in the GNU C Library (aka glibc
or libc6) before version 2.2
NOTE: Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16695
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
- RESERVED
+ REJECTED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using
the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using
the Linu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d0e50d8338622eca10e20708e0b55d5efa308f4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d0e50d8338622eca10e20708e0b55d5efa308f4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
