Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3c9a3ba by security tracker role at 2019-10-23T20:10:26Z
automatic update

- - - - -
1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,171 @@ +CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...) + TODO: check +CVE-2019-18358 + RESERVED +CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...) + TODO: check +CVE-2019-18356 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...) + TODO: check +CVE-2019-18355 (An SSRF issue was discovered in the legacy Web launcher in Thycotic Se ...) + TODO: check +CVE-2019-18354 + RESERVED +CVE-2019-18353 + RESERVED +CVE-2019-18352 + RESERVED +CVE-2019-18351 + RESERVED +CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...) + TODO: check +CVE-2019-18349 + RESERVED +CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...) + TODO: check +CVE-2019-18347 + RESERVED +CVE-2019-18346 + RESERVED +CVE-2019-18345 + RESERVED +CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...) + TODO: check +CVE-2019-18343 + RESERVED +CVE-2019-18342 + RESERVED +CVE-2019-18341 + RESERVED +CVE-2019-18340 + RESERVED +CVE-2019-18339 + RESERVED +CVE-2019-18338 + RESERVED +CVE-2019-18337 + RESERVED +CVE-2019-18336 + RESERVED +CVE-2019-18335 + RESERVED +CVE-2019-18334 + RESERVED +CVE-2019-18333 + RESERVED +CVE-2019-18332 + RESERVED +CVE-2019-18331 + RESERVED +CVE-2019-18330 + RESERVED +CVE-2019-18329 + RESERVED +CVE-2019-18328 + RESERVED +CVE-2019-18327 + RESERVED +CVE-2019-18326 + RESERVED +CVE-2019-18325 + RESERVED +CVE-2019-18324 + RESERVED +CVE-2019-18323 + RESERVED +CVE-2019-18322 + RESERVED +CVE-2019-18321 + RESERVED +CVE-2019-18320 + RESERVED +CVE-2019-18319 + RESERVED +CVE-2019-18318 + RESERVED +CVE-2019-18317 + RESERVED +CVE-2019-18316 + RESERVED +CVE-2019-18315 + RESERVED +CVE-2019-18314 + RESERVED +CVE-2019-18313 + RESERVED +CVE-2019-18312 + RESERVED +CVE-2019-18311 + RESERVED +CVE-2019-18310 + RESERVED +CVE-2019-18309 + RESERVED +CVE-2019-18308 + RESERVED +CVE-2019-18307 + 
RESERVED +CVE-2019-18306 + RESERVED +CVE-2019-18305 + RESERVED +CVE-2019-18304 + RESERVED +CVE-2019-18303 + RESERVED +CVE-2019-18302 + RESERVED +CVE-2019-18301 + RESERVED +CVE-2019-18300 + RESERVED +CVE-2019-18299 + RESERVED +CVE-2019-18298 + RESERVED +CVE-2019-18297 + RESERVED +CVE-2019-18296 + RESERVED +CVE-2019-18295 + RESERVED +CVE-2019-18294 + RESERVED +CVE-2019-18293 + RESERVED +CVE-2019-18292 + RESERVED +CVE-2019-18291 + RESERVED +CVE-2019-18290 + RESERVED +CVE-2019-18289 + RESERVED +CVE-2019-18288 + RESERVED +CVE-2019-18287 + RESERVED +CVE-2019-18286 + RESERVED +CVE-2019-18285 + RESERVED +CVE-2019-18284 + RESERVED +CVE-2019-18283 + RESERVED +CVE-2019-18282 + RESERVED +CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...) + TODO: check +CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a Cross Site R ...) + TODO: check +CVE-2019-18279 + RESERVED +CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, ...) + TODO: check +CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...) + TODO: check +CVE-2019-18276 + RESERVED CVE-2019-18275 RESERVED CVE-2019-18274 @@ -112,10 +280,10 @@ CVE-2019-18222 RESERVED CVE-2019-18221 RESERVED -CVE-2019-18220 - RESERVED -CVE-2019-18219 - RESERVED +CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...) + TODO: check +CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...) + TODO: check CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...) - file 1:5.37-6 (bug #942830) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780 
@@ -2376,8 +2544,8 @@ CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname parameter NOT-FOR-US: HongCMS CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername parameter. ...) NOT-FOR-US: HongCMS -CVE-2019-17606 - RESERVED +CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...) + TODO: check CVE-2019-17605 RESERVED CVE-2019-17604 
@@ -2524,76 +2692,76 @@ CVE-2019-17549 RESERVED CVE-2019-17548 RESERVED -CVE-2015-9536 - RESERVED -CVE-2015-9535 - RESERVED -CVE-2015-9534 - RESERVED -CVE-2015-9533 - RESERVED -CVE-2015-9532 - RESERVED -CVE-2015-9531 - RESERVED -CVE-2015-9530 - RESERVED -CVE-2015-9529 - RESERVED -CVE-2015-9528 - RESERVED -CVE-2015-9527 - RESERVED -CVE-2015-9526 - RESERVED -CVE-2015-9525 - RESERVED -CVE-2015-9524 - RESERVED -CVE-2015-9523 - RESERVED -CVE-2015-9522 - RESERVED -CVE-2015-9521 - RESERVED -CVE-2015-9520 - RESERVED -CVE-2015-9519 - RESERVED -CVE-2015-9518 - RESERVED -CVE-2015-9517 - RESERVED -CVE-2015-9516 - RESERVED -CVE-2015-9515 - RESERVED -CVE-2015-9514 - RESERVED -CVE-2015-9513 - RESERVED -CVE-2015-9512 - RESERVED -CVE-2015-9511 - RESERVED -CVE-2015-9510 - RESERVED -CVE-2015-9509 - RESERVED -CVE-2015-9508 - RESERVED -CVE-2015-9507 - RESERVED -CVE-2015-9506 - RESERVED -CVE-2015-9505 - RESERVED -CVE-2015-9504 - RESERVED -CVE-2015-9503 - RESERVED -CVE-2015-9502 - RESERVED +CVE-2015-9536 (The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as ...) + TODO: check +CVE-2015-9535 (The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as use ...) + TODO: check +CVE-2015-9534 (The Easy Digital Downloads (EDD) Quota theme for WordPress, as used wi ...) + TODO: check +CVE-2015-9533 (The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used ...) + TODO: check +CVE-2015-9532 (The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as ...) + TODO: check +CVE-2015-9531 (The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, a ...) + TODO: check +CVE-2015-9530 (The Easy Digital Downloads (EDD) Upload File extension for WordPress, ...) + TODO: check +CVE-2015-9529 (The Easy Digital Downloads (EDD) Stripe extension for WordPress, as us ...) + TODO: check +CVE-2015-9528 (The Easy Digital Downloads (EDD) Software Licensing extension for Word ...) 
+ TODO: check +CVE-2015-9527 (The Easy Digital Downloads (EDD) Simple Shipping extension for WordPre ...) + TODO: check +CVE-2015-9526 (The Easy Digital Downloads (EDD) Reviews extension for WordPress, as u ...) + TODO: check +CVE-2015-9525 (The Easy Digital Downloads (EDD) Recurring Payments extension for Word ...) + TODO: check +CVE-2015-9524 (The Easy Digital Downloads (EDD) Recount Earnings extension for WordPr ...) + TODO: check +CVE-2015-9523 (The Easy Digital Downloads (EDD) Recommended Products extension for Wo ...) + TODO: check +CVE-2015-9522 (The Easy Digital Downloads (EDD) QR Code extension for WordPress, as u ...) + TODO: check +CVE-2015-9521 (The Easy Digital Downloads (EDD) Pushover Notifications extension for ...) + TODO: check +CVE-2015-9520 (The Easy Digital Downloads (EDD) Per Product Emails extension for Word ...) + TODO: check +CVE-2015-9519 (The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, ...) + TODO: check +CVE-2015-9518 (The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, ...) + TODO: check +CVE-2015-9517 (The Easy Digital Downloads (EDD) Manual Purchases extension for WordPr ...) + TODO: check +CVE-2015-9516 (The Easy Digital Downloads (EDD) Invoices extension for WordPress, as ...) + TODO: check +CVE-2015-9515 (The Easy Digital Downloads (EDD) htaccess Editor extension for WordPre ...) + TODO: check +CVE-2015-9514 (The Easy Digital Downloads (EDD) Free Downloads extension for WordPres ...) + TODO: check +CVE-2015-9513 (The Easy Digital Downloads (EDD) Favorites extension for WordPress, as ...) + TODO: check +CVE-2015-9512 (The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, ...) + TODO: check +CVE-2015-9511 (The Easy Digital Downloads (EDD) Conditional Success Redirects extensi ...) + TODO: check +CVE-2015-9510 (The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordP ...) 
+ TODO: check +CVE-2015-9509 (The Easy Digital Downloads (EDD) Content Restriction extension for Wor ...) + TODO: check +CVE-2015-9508 (The Easy Digital Downloads (EDD) Commissions extension for WordPress, ...) + TODO: check +CVE-2015-9507 (The Easy Digital Downloads (EDD) Attach Accounts to Orders extension f ...) + TODO: check +CVE-2015-9506 (The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as ...) + TODO: check +CVE-2015-9505 (The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1. ...) + TODO: check +CVE-2015-9504 (The weeklynews theme before 2.2.9 for WordPress has XSS via the s para ...) + TODO: check +CVE-2015-9503 (The Modern theme before 1.4.2 for WordPress has XSS via the genericons ...) + TODO: check +CVE-2015-9502 (The Auberge theme before 1.4.5 for WordPress has XSS via the genericon ...) + TODO: check CVE-2015-9501 (The Artificial Intelligence theme before 1.2.4 for WordPress has XSS b ...) NOT-FOR-US: Wordpress plugin CVE-2015-9500 (The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via ...) @@ -3716,8 +3884,8 @@ CVE-2019-17095 RESERVED CVE-2019-17094 RESERVED -CVE-2019-17093 - RESERVED +CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...) + TODO: check CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...) NOT-FOR-US: OpenProject CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used ...) 
@@ -3987,12 +4155,12 @@ CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.ph NOT-FOR-US: FusionPBX CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...) NOT-FOR-US: FusionPBX -CVE-2019-16977 - RESERVED -CVE-2019-16976 - RESERVED -CVE-2019-16975 - RESERVED +CVE-2019-16977 (In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.ph ...) + TODO: check +CVE-2019-16976 (In FusionPBX up to 4.5.7, the file app\destinations\destination_import ...) + TODO: check +CVE-2019-16975 (In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses ...) + TODO: check CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...) NOT-FOR-US: FusionPBX CVE-2019-16973 (In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses ...) @@ -12455,8 +12623,8 @@ CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated NOT-FOR-US: Knowage CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...) NOT-FOR-US: Axway SecureTransport -CVE-2019-14276 - RESERVED +CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...) + TODO: check CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...) - fig2dev 1:3.2.7a-7 (unimportant; bug #933075) [buster] - fig2dev 1:3.2.7a-5+deb10u1 @@ -19474,8 +19642,8 @@ CVE-2019-11935 RESERVED CVE-2019-11934 RESERVED -CVE-2019-11933 - RESERVED +CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...) + TODO: check CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...) NOT-FOR-US: libpl_droidsonroids_gif CVE-2019-11931 
@@ -21413,10 +21581,10 @@ CVE-2019-11285 RESERVED CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...) NOT-FOR-US: Pivotal -CVE-2019-11283 - RESERVED -CVE-2019-11282 - RESERVED +CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outpu ...) + TODO: check +CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...) + TODO: check CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...) - rabbitmq-server 3.7.18-1 (low) [jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin) 
@@ -23519,58 +23687,41 @@ CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware I NOT-FOR-US: Glory RBW-100 devices CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...) NOT-FOR-US: GLPI plugin -CVE-2019-10476 - RESERVED -CVE-2019-10475 - RESERVED +CVE-2019-10476 (Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted ...) + TODO: check +CVE-2019-10475 (A reflected cross-site scripting vulnerability in Jenkins build-metric ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10474 - RESERVED +CVE-2019-10474 (A missing permission check in Jenkins Global Post Script Plugin in all ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10473 - RESERVED +CVE-2019-10473 (A missing permission check in Jenkins Libvirt Slaves Plugin in form-re ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10472 - RESERVED +CVE-2019-10472 (A missing permission check in Jenkins Libvirt Slaves Plugin allows att ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10471 - RESERVED +CVE-2019-10471 (A cross-site request forgery vulnerability in Jenkins Libvirt Slaves P ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10470 - RESERVED +CVE-2019-10470 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10469 - RESERVED +CVE-2019-10469 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10468 - RESERVED +CVE-2019-10468 (A cross-site request forgery vulnerability in Jenkins ElasticBox Jenki ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10467 - RESERVED +CVE-2019-10467 (Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job conf ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10466 - RESERVED +CVE-2019-10466 (An XML external entities (XXE) vulnerability in Jenkins 360 FireLine P ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10465 - RESERVED +CVE-2019-10465 (A missing permission check in Jenkins Deploy WebLogic Plugin allows at ...) 
NOT-FOR-US: Jenkins plugin -CVE-2019-10464 - RESERVED +CVE-2019-10464 (A cross-site request forgery vulnerability in Jenkins Deploy WebLogic ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10463 - RESERVED +CVE-2019-10463 (A missing permission check in Jenkins Dynatrace Application Monitoring ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10462 - RESERVED +CVE-2019-10462 (A cross-site request forgery vulnerability in Jenkins Dynatrace Applic ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10461 - RESERVED +CVE-2019-10461 (Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stor ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10460 - RESERVED +CVE-2019-10460 (Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unen ...) NOT-FOR-US: Jenkins plugin -CVE-2019-10459 - RESERVED +CVE-2019-10459 (Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhoo ...) NOT-FOR-US: Jenkins plugin CVE-2019-10458 (Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe ...) NOT-FOR-US: Jenkins plugin @@ -27004,10 +27155,10 @@ CVE-2019-9599 (The AirDroid application through 4.2.1.6 for Android allows remot NOT-FOR-US: AirDroid application for Android CVE-2019-9598 (An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF ...) NOT-FOR-US: Cscms -CVE-2019-9597 - RESERVED -CVE-2019-9596 - RESERVED +CVE-2019-9597 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /con ...) + TODO: check +CVE-2019-9596 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whi ...) + TODO: check CVE-2019-9595 (AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter ...) NOT-FOR-US: AppCMS CVE-2019-9594 (BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploa ...) 
@@ -35901,8 +36052,8 @@ CVE-2019-6146 RESERVED CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...) NOT-FOR-US: Forcepoint -CVE-2019-6144 - RESERVED +CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable the For ...) + TODO: check CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...) NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW) CVE-2019-6142 @@ -40851,8 +41002,8 @@ CVE-2019-3984 RESERVED CVE-2019-3983 RESERVED -CVE-2019-3982 - RESERVED +CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...) + TODO: check CVE-2019-3981 RESERVED CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...) @@ -233732,8 +233883,8 @@ CVE-2014-2306 RESERVED CVE-2014-2305 RESERVED -CVE-2014-2304 - RESERVED +CVE-2014-2304 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...) + TODO: check CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ( ...) NOT-FOR-US: webEdition CMS CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x befor ...) @@ -233799,8 +233950,8 @@ CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nf [squeeze] - wireshark <not-affected> (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672 NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html -CVE-2013-7333 - RESERVED +CVE-2013-7333 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...) + TODO: check CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel thr ...) - linux 3.13.6-1 [wheezy] - linux 3.2.57-1 
@@ -276002,8 +276153,7 @@ CVE-2002-2441 RESERVED CVE-2002-2440 RESERVED -CVE-2002-2439 - RESERVED +CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...) - gcc-4.1 <removed> [squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.3 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3c9a3ba5ba8e1ddfc5e9174c053cc109ccc5957
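Review bot: in the first hunk (@@ -1,3 +1,171 @@), CVE-2019-18348 (urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x) and CVE-2019-18277 (HAProxy before 2.0.6) are left at "TODO: check" even though both upstreams are Debian source packages (python2.7, python3.x, haproxy); these two need package/version lines (or a <not-affected>/<no-dsa> with a reason) rather than staying in the TODO queue, since the automatic update cannot do that triage. CVE-2019-18359 (ReadMP3APETag in apetag.c, MP3Gain) and CVE-2019-18278 (VLC 3.0.8 with libqt on Windows) are in the same position: mp3gain and vlc are packaged, so each wants an explicit decision, and for the VLC one the "on Windows" wording suggests <not-affected> is the likely outcome, but a human should confirm that from the full description before the entry is closed.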
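Review bot: in the Easy Digital Downloads hunk (@@ -2524,76 +2692,76 @@), the 35 entries CVE-2015-9536 through CVE-2015-9502 all flip from RESERVED to "TODO: check" while the adjacent CVE-2015-9501 and CVE-2015-9500 already carry "NOT-FOR-US: Wordpress plugin". Every one of the new descriptions names a WordPress theme or extension (EDD core, EDD extensions, the weeklynews/Modern/Auberge themes), so this block can be resolved in one pass to the same NOT-FOR-US marker; when doing so, keep the existing spelling "Wordpress plugin" used by 9501/9500 or fix both, but do not mix the two forms in one run. Note the EDD core entry CVE-2015-9505 ("core component 1.8.x before 1.8.7, 1. ...") is still a WordPress plugin, not a separate package.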
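Review bot: in the FusionPBX hunk (@@ -3987,12 +4155,12 @@), CVE-2019-16977, CVE-2019-16976 and CVE-2019-16975 get "TODO: check" although the surrounding FusionPBX entries (16979, 16978, 16974, 16973) are already "NOT-FOR-US: FusionPBX", and the same applies to CVE-2019-11933 (libpl_droidsonroids_gif before 1.2.19) sitting directly above CVE-2019-11932 "NOT-FOR-US: libpl_droidsonroids_gif" and to CVE-2019-11283/CVE-2019-11282 (Cloud Foundry SMB Volume / UAA) next to CVE-2019-11284 "NOT-FOR-US: Pivotal" in the @@ -21413 hunk. The automatic update cannot inherit the sibling marker, so these should be closed by hand with the same NOT-FOR-US value instead of being left as TODO; CVE-2019-14276 (WUSTL XNAT) in the @@ -12455 hunk has no sibling to copy from and does need a real look.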
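Review bot: in the Jenkins hunk (@@ -23519,58 +23687,41 @@), CVE-2019-10476 (Jenkins Zulip Plugin 1.1.0 and earlier, credentials stored unencrypted) is the only entry in the run left at "TODO: check"; CVE-2019-10475 down to CVE-2019-10459 all keep their "NOT-FOR-US: Jenkins plugin" line, which is why this hunk shrinks from 58 to 41 lines (the placeholder "TODO: check"/"RESERVED" lines are dropped, the description lines replace the bare IDs). The Zulip plugin is in the same category as the rest of the batch, so it should get "NOT-FOR-US: Jenkins plugin" as well rather than staying in the TODO queue. The Darktrace pair CVE-2019-9597/CVE-2019-9596 in the @@ -27004 hunk is a similar NOT-FOR-US candidate, but there is no sibling entry there to confirm against.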
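Review bot: in the @@ -233732 and @@ -233799 hunks, CVE-2014-2304 and CVE-2013-7333 receive byte-identical truncated descriptions ("A vulnerability in version 0.90 of the Open Floodlight SDN controller ..."). Before either TODO is resolved, check the full MITRE text to see whether these are two distinct Floodlight 0.90 issues or one issue that was assigned twice (in which case one of them should end up marked as a duplicate of the other, as the tracker does elsewhere), and if Floodlight is not packaged in Debian both should close as NOT-FOR-US with a matching note so they do not drift apart later.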
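Review bot: in the last hunk (@@ -276002,8 +276153,7 @@), CVE-2002-2439 gets its description ("Integer overflow in the new[] operator in gcc before 4.8.0 ...") without a "TODO: check" line because the entry already has package lines, which is why the hunk goes from 8 to 7 lines. The three trailing context lines only show gcc-4.1 <removed>, a [squeeze] gcc-4.1 <no-dsa> and gcc-4.3 <removed>; with "before 4.8.0" now on record, whoever looks at this should make sure the remainder of the entry (outside this hunk's context) covers the gcc-4.4 through gcc-4.7 source packages that shipped in between, either with fixed versions or with the same case-by-case <no-dsa> rationale, so the new description and the package list do not contradict each other.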
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits