Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80fbc499 by security tracker role at 2019-08-09T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2019-14801
+       RESERVED
+CVE-2019-14800
+       RESERVED
+CVE-2019-14799
+       RESERVED
+CVE-2019-14798
+       RESERVED
+CVE-2019-14797
+       RESERVED
+CVE-2019-14796
+       RESERVED
+CVE-2019-14795
+       RESERVED
+CVE-2019-14794
+       RESERVED
+CVE-2019-14793
+       RESERVED
+CVE-2019-14792
+       RESERVED
+CVE-2019-14791
+       RESERVED
+CVE-2019-14790
+       RESERVED
+CVE-2019-14789
+       RESERVED
+CVE-2019-14788
+       RESERVED
+CVE-2019-14787
+       RESERVED
+CVE-2019-14786
+       RESERVED
+CVE-2019-14785
+       RESERVED
+CVE-2019-14784
+       RESERVED
+CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) 
software, Fo ...)
+       TODO: check
+CVE-2019-14782
+       RESERVED
+CVE-2019-14781
+       RESERVED
+CVE-2019-14780
+       RESERVED
+CVE-2016-10865
+       RESERVED
 CVE-2019-14779
        RESERVED
 CVE-2019-14778
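Review bot: CVE-2019-14783 is the only entry in this block that arrives with a description, and it is left at "TODO: check". The description concerns software on Samsung mobile devices, so it can probably be closed with a NOT-FOR-US line naming the product instead of staying in the TODO queue. The RESERVED entries around it need no action.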
@@ -14,10 +60,10 @@ CVE-2019-XXXX [clamav zip DoS]
        [stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
        NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
-CVE-2019-14774
-       RESERVED
-CVE-2019-14773
-       RESERVED
+CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for 
WooCommerce) pl ...)
+       TODO: check
+CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad 
snippets" pl ...)
+       TODO: check
 CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
        NOT-FOR-US: verdaccio
 CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 
allows the  ...)
@@ -56,8 +102,8 @@ CVE-2019-14755
        RESERVED
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL 
Injection via t ...)
        NOT-FOR-US: Open-School
-CVE-2018-20962
-       RESERVED
+CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel 
allows X ...)
+       TODO: check
 CVE-2019-14753
        RESERVED
 CVE-2019-14752
@@ -215,16 +261,16 @@ CVE-2019-14685
        RESERVED
 CVE-2019-14684
        RESERVED
-CVE-2019-14683
-       RESERVED
-CVE-2019-14682
-       RESERVED
-CVE-2019-14681
-       RESERVED
-CVE-2019-14680
-       RESERVED
-CVE-2019-14679
-       RESERVED
+CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 
1.14.2.2 ...)
+       TODO: check
+CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 
3.3.1 for ...)
+       TODO: check
+CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows 
wp-admi ...)
+       TODO: check
+CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 
3.2.1 f ...)
+       TODO: check
+CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite 
plugin 2.2 fo ...)
+       TODO: check
 CVE-2019-14678
        RESERVED
 CVE-2019-14677
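Review bot: the five entries from CVE-2019-14683 down to CVE-2019-14679 are all left at "TODO: check", yet every description names a third-party plugin; CVE-2019-14681 says "for WordPress" and the truncated descriptions of the others follow the same pattern. These concern the plugins and not the wordpress package itself, so unless one of them is packaged separately, each should get a NOT-FOR-US line naming the plugin.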
@@ -249,8 +295,8 @@ CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to 
stored XSS due to the lack
        NOT-FOR-US: Firefly
 CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS 
issues due t ...)
        NOT-FOR-US: Firefly
-CVE-2015-9292
-       RESERVED
+CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or 
code p ...)
+       TODO: check
 CVE-2019-14666
        RESERVED
 CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array 
in vari ...)
@@ -273,26 +319,26 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a 
double free vulnerability i
        - linux 4.16.5-1
        [stretch] - linux 4.9.107-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
-CVE-2018-20960
-       RESERVED
+CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. 
...)
+       TODO: check
 CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
        NOT-FOR-US: Jura E8 devices
 CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices 
before 20 ...)
        NOT-FOR-US: Tapplock devices
-CVE-2018-20957
-       RESERVED
-CVE-2018-20956
-       RESERVED
-CVE-2018-20955
-       RESERVED
-CVE-2017-18485
-       RESERVED
-CVE-2017-18484
-       RESERVED
+CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices 
before 20 ...)
+       TODO: check
+CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a 
factory re ...)
+       TODO: check
+CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, 
leading to ...)
+       TODO: check
+CVE-2017-18485 (Cognitoys Dino devices allow profiles_add.html CSRF. ...)
+       TODO: check
+CVE-2017-18484 (Cognitoys Dino devices allow XSS via the SSID. ...)
+       TODO: check
 CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the 
SSID. ...)
        NOT-FOR-US: NETGEAR
-CVE-2016-10863
-       RESERVED
+CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd 
CSRF with  ...)
+       TODO: check
 CVE-2019-14661
        RESERVED
 CVE-2019-14660
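Review bot: CVE-2018-20957 is added as "TODO: check" although its visible description is identical to CVE-2018-20958 directly above it, which is already marked "NOT-FOR-US: Tapplock devices"; likewise CVE-2018-20960 (Nespresso Prodigio) sits next to CVE-2018-20959 (Jura E8), which is NOT-FOR-US. The Swann, Cognitoys Dino and Edimax entries are device issues of the same kind as the NETGEAR one. Suggest giving all seven new descriptions in this hunk a NOT-FOR-US line with the device name, in the same form as their neighbours.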
@@ -309,8 +355,8 @@ CVE-2019-14655
        REJECTED
 CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users 
authoris ...)
        NOT-FOR-US: Joomla!
-CVE-2018-20954
-       RESERVED
+CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile 
before 1.0.0 ...)
+       TODO: check
 CVE-2019-XXXX [Buffer overflow during processing of large server replies]
        - pump <unfixed> (bug #933674)
 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR 
or SUP e ...)
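Review bot: CVE-2018-20954 names Mailpile, which is an application and not a device or CMS plugin, so the "TODO: check" here should not be closed as NOT-FOR-US by reflex. Check first whether it is packaged or has an open ITP/RFP, and if so record it with a package line in the style of "- pump <unfixed> (bug #933674)" just below.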
@@ -559,8 +605,8 @@ CVE-2019-14536
        RESERVED
 CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow 
XSS via a  ...)
        NOT-FOR-US: ANNKE SP1 HD wireless camera devices
-CVE-2016-10862
-       RESERVED
+CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for 
the root ...)
+       TODO: check
 CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause 
the settin ...)
        NOT-FOR-US: Neet AirStream NAS1.1 devices
 CVE-2019-14535
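Review bot: CVE-2016-10862 is left at "TODO: check" while CVE-2016-10861 in the next entry, for the same Neet AirStream NAS1.1 product, already carries "NOT-FOR-US: Neet AirStream NAS1.1 devices". Suggest the identical line here.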
@@ -13127,13 +13173,14 @@ CVE-2019-10210
        NOT-FOR-US: EnterpriseDB Windows installer
 CVE-2019-10209 [postgres: Fix execution of hashed subplans that require 
cross-type comparison]
        RESERVED
+       {DSA-4493-1}
        - postgresql-11 11.5-1
        - postgresql-9.6 <not-affected> (Only affects PostgreSQL 11)
        - postgresql-9.4 <not-affected> (Only affects PostgreSQL 11)
        NOTE: https://www.postgresql.org/about/news/1960/
 CVE-2019-10208 [postgres: Require schema qualification to cast to a temporary 
type when using functional cast syntax]
        RESERVED
-       {DLA-1874-1}
+       {DSA-4493-1 DSA-4492-1 DLA-1874-1}
        - postgresql-11 11.5-1
        - postgresql-9.6 <removed>
        - postgresql-9.4 <removed>
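Review bot: the new cross-reference on CVE-2019-10208 lists both DSA-4493-1 and DSA-4492-1, but the package lines visible under it show only "postgresql-11 11.5-1", with postgresql-9.6 and postgresql-9.4 as <removed> and no release-specific fixed version. Please confirm that the fixed versions matching the two DSAs are recorded for this entry as [release] lines, and that CVE-2019-10209 carrying only DSA-4493-1 is intended, given its notes say only PostgreSQL 11 is affected.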



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/80fbc4995664d478104cb276705b3be9004dd806
