Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
8cc6fa63 by security tracker role at 2019-09-17T20:10:27Z
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@ +CVE-2019-16390 + RESERVED +CVE-2019-16389 + RESERVED +CVE-2019-16388 + RESERVED +CVE-2019-16387 + RESERVED +CVE-2019-16386 + RESERVED +CVE-2019-16385 + RESERVED +CVE-2019-16384 + RESERVED +CVE-2019-16383 + RESERVED +CVE-2019-16382 + RESERVED +CVE-2019-16381 + RESERVED +CVE-2019-16380 + RESERVED +CVE-2019-16379 + RESERVED +CVE-2016-10995 + RESERVED +CVE-2016-10994 + RESERVED +CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...) + TODO: check +CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...) + TODO: check +CVE-2016-10991 (The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclu ...) + TODO: check +CVE-2016-10990 (The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwar ...) + TODO: check +CVE-2016-10989 (The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?p ...) + TODO: check +CVE-2016-10988 (The leenkme plugin before 2.6.0 for WordPress has stored XSS via faceb ...) + TODO: check +CVE-2016-10987 (The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_s ...) + TODO: check +CVE-2016-10986 (The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consum ...) + TODO: check +CVE-2016-10985 (The echosign plugin before 1.2 for WordPress has XSS via the templates ...) + TODO: check +CVE-2016-10984 (The echosign plugin before 1.2 for WordPress has XSS via the inc.php p ...) + TODO: check +CVE-2016-10983 (The ghost plugin before 0.5.6 for WordPress has no access control for ...) + TODO: check +CVE-2016-10982 (The kento-post-view-counter plugin through 2.8 for WordPress has wp-ad ...) + TODO: check +CVE-2016-10981 (The kento-post-view-counter plugin through 2.8 for WordPress has store ...) + TODO: check +CVE-2016-10980 (The kento-post-view-counter plugin through 2.8 for WordPress has XSS v ...) + TODO: check +CVE-2016-10979 (The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. ...) 
+ TODO: check +CVE-2016-10978 (The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. ...) + TODO: check +CVE-2016-10977 (The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=.. ...) + TODO: check +CVE-2016-10976 (The safe-editor plugin before 1.2 for WordPress has no se_save authent ...) + TODO: check +CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has r ...) + TODO: check +CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...) + TODO: check CVE-2019-16377 RESERVED CVE-2019-16376 @@ -412,9 +480,9 @@ CVE-2019-16241 RESERVED CVE-2019-16240 RESERVED -CVE-2019-16239 - RESERVED -CVE-2019-16378 [signature bypass with multiple From addresses] +CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...) + TODO: check +CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...) - opendmarc 1.3.2-7 (bug #940081) NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48 CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...) @@ -1700,8 +1768,7 @@ CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise Editi [experimental] - gitlab 12.0.8-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ -CVE-2019-15729 [Pipeline Status Disclosure] - RESERVED +CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...) [experimental] - gitlab 12.0.8-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ 
@@ -3464,8 +3531,8 @@ CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login r [stretch] - zabbix <no-dsa> (Minor issue) [jessie] - zabbix <postponed> (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-16532 -CVE-2019-15131 - RESERVED +CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...) + TODO: check CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...) NOT-FOR-US: Recruitment module in Humanica Humatrix CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...) @@ -4423,8 +4490,7 @@ CVE-2019-14837 RESERVED CVE-2019-14836 RESERVED -CVE-2019-14835 [QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow] - RESERVED +CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...) - linux <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1 NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 @@ -4444,8 +4510,7 @@ CVE-2019-14828 RESERVED CVE-2019-14827 RESERVED -CVE-2019-14826 [Session not terminated after logout] - RESERVED +CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...) - freeipa <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944 NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c 
@@ -9260,16 +9325,16 @@ CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple ou NOT-FOR-US: Delta Electronics TPEditor CVE-2019-13543 RESERVED -CVE-2019-13542 - RESERVED +CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...) + TODO: check CVE-2019-13541 RESERVED CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...) NOT-FOR-US: Delta Electronics TPEditor CVE-2019-13539 RESERVED -CVE-2019-13538 - RESERVED +CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...) + TODO: check CVE-2019-13537 RESERVED CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...) @@ -11431,8 +11496,8 @@ CVE-2019-12757 RESERVED CVE-2019-12756 RESERVED -CVE-2019-12755 - RESERVED +CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...) + TODO: check CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...) NOT-FOR-US: Symantec My VIP portal CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...) @@ -14378,12 +14443,12 @@ CVE-2019-11669 (Modifiable read only check box In Micro Focus Service Manager, v NOT-FOR-US: Micro Focus CVE-2019-11668 (HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, ...) NOT-FOR-US: Micro Focus -CVE-2019-11667 - RESERVED -CVE-2019-11666 - RESERVED -CVE-2019-11665 - RESERVED +CVE-2019-11667 (Unauthorized access to contact information in Micro Focus Service Mana ...) + TODO: check +CVE-2019-11666 (Insecure deserialization of untrusted data in Micro Focus Service Mana ...) + TODO: check +CVE-2019-11665 (Data exposure in Micro Focus Service Manager product versions 9.30, 9. ...) + TODO: check CVE-2019-11664 RESERVED CVE-2019-11663 
@@ -14674,8 +14739,8 @@ CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to NOT-FOR-US: Chuango CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...) NOT-FOR-US: hisilicon -CVE-2019-11559 - RESERVED +CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...) + TODO: check CVE-2019-11558 RESERVED CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...) @@ -20661,8 +20726,8 @@ CVE-2019-9683 RESERVED CVE-2019-9682 RESERVED -CVE-2019-9681 - RESERVED +CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...) + TODO: check CVE-2019-9680 RESERVED CVE-2019-9679 @@ -22594,10 +22659,10 @@ CVE-2019-9011 RESERVED CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...) NOT-FOR-US: 3S-Smart CODESYS V3 -CVE-2019-9009 - RESERVED -CVE-2019-9008 - RESERVED +CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted ...) + TODO: check +CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...) + TODO: check CVE-2019-9007 RESERVED CVE-2019-9006 @@ -33729,8 +33794,8 @@ CVE-2019-4479 RESERVED CVE-2019-4478 RESERVED -CVE-2019-4477 - RESERVED +CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + TODO: check CVE-2019-4476 RESERVED CVE-2019-4475 @@ -33799,8 +33864,8 @@ CVE-2019-4444 RESERVED CVE-2019-4443 RESERVED -CVE-2019-4442 - RESERVED +CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a ...) + TODO: check CVE-2019-4441 RESERVED CVE-2019-4440 @@ -33999,8 +34064,8 @@ CVE-2019-4344 RESERVED CVE-2019-4343 RESERVED -CVE-2019-4342 - RESERVED +CVE-2019-4342 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) + TODO: check CVE-2019-4341 RESERVED CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...) 
@@ -34141,14 +34206,14 @@ CVE-2019-4273 RESERVED CVE-2019-4272 RESERVED -CVE-2019-4271 - RESERVED -CVE-2019-4270 - RESERVED +CVE-2019-4271 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console ...) + TODO: check +CVE-2019-4270 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...) + TODO: check CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...) NOT-FOR-US: IBM -CVE-2019-4268 - RESERVED +CVE-2019-4268 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + TODO: check CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...) NOT-FOR-US: IBM CVE-2019-4266 @@ -34317,8 +34382,8 @@ CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerabl NOT-FOR-US: IBM CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...) NOT-FOR-US: IBM -CVE-2019-4183 - RESERVED +CVE-2019-4183 (IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of servi ...) + TODO: check CVE-2019-4182 RESERVED CVE-2019-4181 @@ -34333,16 +34398,16 @@ CVE-2019-4177 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 NOT-FOR-US: IBM CVE-2019-4176 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...) NOT-FOR-US: IBM -CVE-2019-4175 - RESERVED +CVE-2019-4175 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker t ...) + TODO: check CVE-2019-4174 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...) NOT-FOR-US: IBM CVE-2019-4173 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...) NOT-FOR-US: IBM CVE-2019-4172 RESERVED -CVE-2019-4171 - RESERVED +CVE-2019-4171 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set ...) + TODO: check CVE-2019-4170 RESERVED CVE-2019-4169 (IBM Open Power Firmware OP910 and OP920 could allow access to BMC via ...) 
@@ -34511,8 +34576,8 @@ CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could NOT-FOR-US: IBM CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulner ...) NOT-FOR-US: IBM -CVE-2019-4086 - RESERVED +CVE-2019-4086 (IBM Cloud Application Performance Management 8.1.4 could allow a remot ...) + TODO: check CVE-2019-4085 RESERVED CVE-2019-4084 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...) @@ -37207,8 +37272,8 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu [stretch] - libraw <no-dsa> (Minor issue) [jessie] - libraw <not-affected> (Vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/issues/192 -CVE-2018-20336 - RESERVED +CVE-2018-20336 (An issue was discovered in Asuswrt-Merlin 384.6. There is a stack-base ...) + TODO: check CVE-2018-20335 RESERVED CVE-2018-20334 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8cc6fa637071ed9498a1ae1a8b9ce720856fc3ed -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8cc6fa637071ed9498a1ae1a8b9ce720856fc3ed You're receiving this email because of your account on salsa.debian.org.
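
Review bot: In the first hunk (@@ -1,3 +1,71 @@), the twenty WordPress theme and plugin entries CVE-2016-10993 through CVE-2016-10974 all land with "TODO: check" and no triage result. Each needs a follow-up that replaces the TODO with either a package line or a "NOT-FOR-US:" line, the form used for other third-party products elsewhere in this diff, so this batch does not sit unreviewed.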
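
Review bot: In the @@ -412,9 +480,9 @@ hunk, CVE-2019-16239 now has a description naming process_http_response in OpenConnect before 8.05 as a buffer overflow, but the entry is left at "TODO: check". Since the description gives the fixed upstream version, the entry should get a package line in the same shape as the "- opendmarc 1.3.2-7 (bug #940081)" line under CVE-2019-16378 directly below it.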
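
Review bot: In the @@ -4423,8 +4490,7 @@ hunk, CVE-2019-14835 still reads "- linux <unfixed>" although a NOTE on the entry already links the upstream fix commit 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4. The entry should be revisited to record the fixed version once an upload carries that commit. The removed temporary title also stated the guest-to-host impact, which the truncated description visible here no longer shows, so a NOTE preserving that context would help readers of the list file.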
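
Review bot: In the @@ -4444,8 +4510,7 @@ hunk, the new description for CVE-2019-14826 limits the flaw to FreeIPA versions 4.5.0 and later and a NOTE names the introducing commit, yet the entry has only "- freeipa <unfixed>". Suites shipping a freeipa older than 4.5.0 could be marked "<not-affected> (Vulnerable code not present)", the annotation used for libraw under CVE-2018-20337 in the last hunk, after checking for the introducing commit.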
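
Review bot: In the @@ -22594,10 +22659,10 @@ hunk, CVE-2019-9009 and CVE-2019-9008 are added with "TODO: check" directly below CVE-2019-9010, which is already triaged as "NOT-FOR-US: 3S-Smart CODESYS V3". If the same product is concerned they can take the same line. The CODESYS entries CVE-2019-13542 and CVE-2019-13538 in the @@ -9260,16 +9325,16 @@ hunk are in the same position.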
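
Review bot: In the @@ -34141,14 +34206,14 @@ hunk, CVE-2019-4271, CVE-2019-4270 and CVE-2019-4268 describe IBM WebSphere Application Server and are left at "TODO: check", while CVE-2019-4269 between them, with a description for the same product, is "NOT-FOR-US: IBM". The three new entries should be triaged the same way so the hunk does not leave one product in two states.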
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits