Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ce91c7b by security tracker role at 2019-08-09T20:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,37 +1,53 @@
-CVE-2019-14801
+CVE-2019-14808
        RESERVED
-CVE-2019-14800
-       RESERVED
-CVE-2019-14799
+CVE-2019-14807
        RESERVED
-CVE-2019-14798
+CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has 
insufficien ...)
+       TODO: check
+CVE-2019-14805 (studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS 
via the ...)
+       TODO: check
+CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows 
XSS via t ...)
+       TODO: check
+CVE-2019-14803
        RESERVED
-CVE-2019-14797
+CVE-2019-14802
        RESERVED
-CVE-2019-14796
+CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to 
escalate privi ...)
+       TODO: check
+CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for 
WordPress  ...)
+       TODO: check
+CVE-2019-14800
        RESERVED
+CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for 
WordPress  ...)
+       TODO: check
+CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has 
Authent ...)
+       TODO: check
+CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has 
authent ...)
+       TODO: check
+CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce 
Products  ...)
+       TODO: check
 CVE-2019-14795
        RESERVED
-CVE-2019-14794
-       RESERVED
-CVE-2019-14793
-       RESERVED
-CVE-2019-14792
-       RESERVED
-CVE-2019-14791
-       RESERVED
+CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the 
uploadi ...)
+       TODO: check
+CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file 
deletion v ...)
+       TODO: check
+CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows 
XSS via  ...)
+       TODO: check
+CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress 
allows XS ...)
+       TODO: check
 CVE-2019-14790
        RESERVED
 CVE-2019-14789
        RESERVED
 CVE-2019-14788
        RESERVED
-CVE-2019-14787
-       RESERVED
+CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress 
allows XS ...)
+       TODO: check
 CVE-2019-14786
        RESERVED
-CVE-2019-14785
-       RESERVED
+CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for 
WordPress h ...)
+       TODO: check
 CVE-2019-14784
        RESERVED
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) 
software, Fo ...)
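Review bot: CVE-2019-14798 and CVE-2019-14797 (10Web Photo Gallery plugin for WordPress) are left at "TODO: check", but this file already triages that product at CVE-2019-14313 as "NOT-FOR-US: 10Web Photo Gallery plugin for WordPress"; both new entries can take the same line. The other WordPress plugin entries in this hunk (FV Flowplayer, Meta Box, WP Google Maps, Appointment Booking Calendar, Tribulant Newsletters, CP Contact Form with PayPal, the WooCommerce bulk-edit plugin) are candidates for the same treatment, while CVE-2019-14806 (Pallets Werkzeug) is not a WordPress plugin and needs an individual look rather than a bulk tag.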
@@ -42,8 +58,8 @@ CVE-2019-14781
        RESERVED
 CVE-2019-14780
        RESERVED
-CVE-2016-10865
-       RESERVED
+CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress 
has cros ...)
+       TODO: check
 CVE-2019-14779
        RESERVED
 CVE-2019-14778
@@ -124,6 +140,7 @@ CVE-2019-14745 (In radare2 before 3.7.0, a command 
injection vulnerability exist
        - radare2 <unfixed> (bug #934204)
        NOTE: https://github.com/radare/radare2/pull/14690
 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop 
files and c ...)
+       {DSA-4494-1}
        - kconfig 5.54.0-2 (bug #934267)
        - kde4libs <unfixed> (bug #934268)
        [buster] - kde4libs <no-dsa> (Minor issue)
@@ -1449,8 +1466,7 @@ CVE-2019-14435
        RESERVED
 CVE-2019-14434
        RESERVED
-CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details]
-       RESERVED
+CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x 
before  ...)
        - nova <unfixed> (bug #934114)
        NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
        NOTE: https://launchpad.net/bugs/1837877
@@ -1606,8 +1622,8 @@ CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash 
with certain malformed c
        NOTE: 
https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10617 
(0.2.10635-beta34)
 CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a 
Chemical ...)
        NOT-FOR-US: Open edX
-CVE-2018-20858
-       RESERVED
+CVE-2018-20858 (Recommender before 2018-07-18 allows XSS. ...)
+       TODO: check
 CVE-2017-18381 (The installation process in Open edX before 2017-01-10 exposes 
a Mongo ...)
        NOT-FOR-US: Open edX
 CVE-2017-18380 (edx-platform before 2017-08-03 allows attackers to trigger 
password-re ...)
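Review bot: CVE-2018-20858 ("Recommender before 2018-07-18 allows XSS") is added as "TODO: check" between entries tagged "NOT-FOR-US: Open edX", and it shares the 2018-07-18 cutoff date with CVE-2018-20859 directly above it. If Recommender is the Open edX component, it should get the same NOT-FOR-US line; the truncated description does not name the project, so confirm against the full CVE text before tagging.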
@@ -1750,8 +1766,8 @@ CVE-2019-14314
        RESERVED
 CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo 
Gallery plugin ...)
        NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
-CVE-2019-14312
-       RESERVED
+CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file 
inclusion vulner ...)
+       TODO: check
 CVE-2019-14311
        RESERVED
 CVE-2019-14310
@@ -2022,8 +2038,7 @@ CVE-2019-14235 (An issue was discovered in Django 1.11.x 
before 1.11.23, 2.1.x b
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79
 (1.11.x)
-CVE-2019-14234 [SQL injection possibility in key and index lookups for 
JSONField/HStoreField]
-       RESERVED
+CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
        - python-django 2:2.2.4-1 (bug #934026)
        [jessie] - python-django <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
@@ -6516,8 +6531,8 @@ CVE-2019-12807
        RESERVED
 CVE-2019-12806
        RESERVED
-CVE-2019-12805
-       RESERVED
+CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier 
versions have ...)
+       TODO: check
 CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 
4.0.16, due to ...)
        NOT-FOR-US: Hunesion i-oneNet
 CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 
4.0.16, the sp ...)
@@ -7883,7 +7898,7 @@ CVE-2019-12281
        RESERVED
 CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path 
Element. ...)
        NOT-FOR-US: PC-Doctor Toolbox
-CVE-2019-12279 (Nagios XI 5.6.1 allows SQL injection via the username 
parameter to log ...)
+CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the 
username p ...)
        NOT-FOR-US: Nagios XI
 CVE-2019-12278
        RESERVED
@@ -7915,26 +7930,26 @@ CVE-2019-12267
        RESERVED
 CVE-2019-12266
        RESERVED
-CVE-2019-12265
-       RESERVED
+CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a 
Memory Le ...)
+       TODO: check
 CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has 
Incorrect  ...)
        NOT-FOR-US: Wind River VxWorks
-CVE-2019-12263
-       RESERVED
+CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the 
TCP comp ...)
+       TODO: check
 CVE-2019-12262
        RESERVED
 CVE-2019-12261
        RESERVED
 CVE-2019-12260
        RESERVED
-CVE-2019-12259
-       RESERVED
+CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the 
IGMPv3  ...)
+       TODO: check
 CVE-2019-12258
        RESERVED
-CVE-2019-12257
-       RESERVED
-CVE-2019-12256
-       RESERVED
+CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the 
DHCP clien ...)
+       TODO: check
+CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the 
IPv4 compo ...)
+       TODO: check
 CVE-2019-12255
        RESERVED
 CVE-2019-12254
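Review bot: the five newly described VxWorks entries (CVE-2019-12265, CVE-2019-12263, CVE-2019-12259, CVE-2019-12257, CVE-2019-12256) land as "TODO: check" although CVE-2019-12264 in the same block is already "NOT-FOR-US: Wind River VxWorks". They name the same product and can be tagged the same way in a follow-up.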
@@ -9074,8 +9089,8 @@ CVE-2019-11778
        RESERVED
 CVE-2019-11777
        RESERVED
-CVE-2019-11776
-       RESERVED
+CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows 
Reflecte ...)
+       TODO: check
 CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where 
the loo ...)
        NOT-FOR-US: Eclipse OpenJ9
 CVE-2019-11774
@@ -26185,8 +26200,8 @@ CVE-2019-5500
        RESERVED
 CVE-2019-5499
        RESERVED
-CVE-2019-5498
-       RESERVED
+CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive 
accoun ...)
+       TODO: check
 CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware 
versio ...)
        NOT-FOR-US: NetApp AFF A700s Baseboard Management Controller firmware
 CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without 
certain HTTP ...)
@@ -26433,34 +26448,34 @@ CVE-2019-5410
        RESERVED
 CVE-2019-5409
        RESERVED
-CVE-2019-5408
-       RESERVED
-CVE-2019-5407
-       RESERVED
-CVE-2019-5406
-       RESERVED
-CVE-2019-5405
-       RESERVED
-CVE-2019-5404
-       RESERVED
-CVE-2019-5403
-       RESERVED
-CVE-2019-5402
-       RESERVED
+CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a 
vulnerability  ...)
+       TODO: check
+CVE-2019-5407 (A remote information disclosure vulnerability was discovered in 
HPE 3P ...)
+       TODO: check
+CVE-2019-5406 (A remote session reuse vulnerability was discovered in HPE 3PAR 
StoreS ...)
+       TODO: check
+CVE-2019-5405 (A remote authorization bypass vulnerability was discovered in 
HPE 3PAR ...)
+       TODO: check
+CVE-2019-5404 (A remote script injection vulnerability was discovered in HPE 
3PAR Sto ...)
+       TODO: check
+CVE-2019-5403 (A remote multiple cross-site scripting vulnerability was 
discovered in ...)
+       TODO: check
+CVE-2019-5402 (A remote authorization bypass vulnerability was discovered in 
HPE 3PAR ...)
+       TODO: check
 CVE-2019-5401 (A potential security vulnerability has been identified in 
HP2910al-48G ...)
        NOT-FOR-US: HP HP2910al-48G
-CVE-2019-5400
-       RESERVED
-CVE-2019-5399
-       RESERVED
-CVE-2019-5398
-       RESERVED
-CVE-2019-5397
-       RESERVED
-CVE-2019-5396
-       RESERVED
-CVE-2019-5395
-       RESERVED
+CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR 
Servic ...)
+       TODO: check
+CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in 
HPE 3P ...)
+       TODO: check
+CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was 
discovered in  ...)
+       TODO: check
+CVE-2019-5397 (A remote bypass of security restrictions vulnerability was 
discovered  ...)
+       TODO: check
+CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in 
HPE 3PA ...)
+       TODO: check
+CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in 
HPE 3PA ...)
+       TODO: check
 CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are 
vulnerable t ...)
        NOT-FOR-US: HPE
 CVE-2019-5393 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
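Review bot: CVE-2019-5408 describes Command View Advanced Edition (CVAE), not HPE 3PAR like most of the entries below it, so this run of "TODO: check" lines should not be cleared under a single product name. The neighbouring CVE-2019-5401 and CVE-2019-5394 are already NOT-FOR-US (HP HP2910al-48G and HPE), which points to the same outcome for the 3PAR entries, each with its own product label; the descriptions truncated before the product name (CVE-2019-5403, CVE-2019-5398, CVE-2019-5397) need the full CVE text first.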
@@ -63332,7 +63347,7 @@ CVE-2018-11212 (An issue was discovered in libjpeg 9a. 
The alloc_sarray function
        NOTE: 
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0
 (1.4.2)
 CVE-2018-11211
        RESERVED
-CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the 
XMLDocument::P ...)
+CVE-2018-11210 (** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer 
over-read in the ...)
        - tinyxml2 <unfixed> (bug #899063; unimportant)
        NOTE: https://github.com/leethomason/tinyxml2/issues/675
        NOTE: Non-real issue, missuse of API
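Review bot: "missuse" in the unchanged NOTE line under CVE-2018-11210 should read "misuse". With the description now prefixed "** DISPUTED **", the existing "unimportant" severity on the tinyxml2 line and the "Non-real issue" note agree with the CVE's status, so only the spelling fix is needed.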



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ce91c7bcf3085269b04760fef6bc22b2510bcf6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
