Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec6e2ec by security tracker role at 2019-08-12T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,63 @@
-CVE-2019-14950
+CVE-2019-14974
        RESERVED
-CVE-2019-14949
+CVE-2019-14973
        RESERVED
-CVE-2019-14948
+CVE-2019-14972
        RESERVED
-CVE-2019-14947
+CVE-2019-14971
        RESERVED
-CVE-2019-14946
+CVE-2019-14970
        RESERVED
-CVE-2019-14945
+CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on 
%PROGRAMDATA%\N ...)
+       TODO: check
+CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection 
via the i ...)
+       TODO: check
+CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 
11.1.46, and ...)
+       TODO: check
+CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
+       TODO: check
+CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 
before 12.0. ...)
+       TODO: check
+CVE-2019-14964
+       RESERVED
+CVE-2019-14963
+       RESERVED
+CVE-2019-14962
+       RESERVED
+CVE-2019-14961
+       RESERVED
+CVE-2019-14960
+       RESERVED
+CVE-2019-14959
        RESERVED
+CVE-2019-14958
+       RESERVED
+CVE-2019-14957
+       RESERVED
+CVE-2019-14956
+       RESERVED
+CVE-2019-14955
+       RESERVED
+CVE-2019-14954
+       RESERVED
+CVE-2019-14953
+       RESERVED
+CVE-2019-14952
+       RESERVED
+CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with 
Toyota and Le ...)
+       TODO: check
+CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress 
has XSS vi ...)
+       TODO: check
+CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
during  ...)
+       TODO: check
+CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS 
related ...)
+       TODO: check
+CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has 
XSS. ...)
+       TODO: check
 CVE-2019-14944
        RESERVED
 CVE-2019-14943
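
Review bot: every newly described entry in this hunk (CVE-2019-14969 down to CVE-2019-14945) lands as TODO: check, so none of them has a triage verdict yet. Several name products that point away from the archive, such as the %PROGRAMDATA% path in CVE-2019-14969 and the WordPress plugins in CVE-2019-14945 to CVE-2019-14950; where the software is not packaged, resolve the marker to a NOT-FOR-US: line naming the product, as CVE-2019-13461 does for PrestaShop, and otherwise add the source package line.
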
@@ -34,36 +82,36 @@ CVE-2019-14934 (An issue was discovered in PDFResurrect 
before 0.18. pdf_load_pa
        TODO: check
 CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
        TODO: check
-CVE-2019-14932
-       RESERVED
-CVE-2018-20966
-       RESERVED
-CVE-2018-20965
-       RESERVED
+CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 
1.0.0.203  ...)
+       TODO: check
+CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has 
XSS in t ...)
+       TODO: check
+CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. 
...)
+       TODO: check
 CVE-2018-20964
        RESERVED
 CVE-2018-20963
        RESERVED
-CVE-2017-18508
-       RESERVED
+CVE-2017-18508 (The wp-live-chat-support plugin before 7.1.03 for WordPress 
has XSS. ...)
+       TODO: check
 CVE-2017-18507
        RESERVED
-CVE-2017-18506
-       RESERVED
-CVE-2017-18505
-       RESERVED
-CVE-2017-18504
-       RESERVED
-CVE-2017-18503
-       RESERVED
-CVE-2017-18502
-       RESERVED
-CVE-2017-18501
-       RESERVED
-CVE-2017-18500
-       RESERVED
-CVE-2017-18499
-       RESERVED
+CVE-2017-18506 (The woocommerce-pdf-invoices-packing-slips plugin before 
2.0.13 for Wo ...)
+       TODO: check
+CVE-2017-18505 (The twitter-plugin plugin before 2.55 for WordPress has XSS. 
...)
+       TODO: check
+CVE-2017-18504 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2017-18503 (The twitter-cards-meta plugin before 2.5.0 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2017-18502 (The subscriber plugin before 1.3.5 for WordPress has multiple 
XSS issu ...)
+       TODO: check
+CVE-2017-18501 (The social-login-bws plugin before 0.2 for WordPress has 
multiple XSS  ...)
+       TODO: check
+CVE-2017-18500 (The social-buttons-pack plugin before 1.1.1 for WordPress has 
multiple ...)
+       TODO: check
+CVE-2017-18499 (The simple-membership plugin before 3.5.7 for WordPress has 
XSS. ...)
+       TODO: check
 CVE-2017-18498
        RESERVED
 CVE-2017-18497
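
Review bot: the ultimate-member and wp-live-chat-support plugins named at CVE-2018-20965 and CVE-2017-18508 also appear in the first hunk (CVE-2019-14945 to CVE-2019-14947, CVE-2019-14950) and in later ones (CVE-2016-10879, CVE-2016-10872, CVE-2015-9304). Resolve these TODO: check markers in one pass per plugin so that every entry for the same product ends up with the same verdict.
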
@@ -88,22 +136,22 @@ CVE-2017-18488
        RESERVED
 CVE-2017-18487
        RESERVED
-CVE-2016-10879
-       RESERVED
-CVE-2016-10878
-       RESERVED
-CVE-2016-10877
-       RESERVED
-CVE-2016-10876
-       RESERVED
-CVE-2016-10875
-       RESERVED
-CVE-2016-10874
-       RESERVED
-CVE-2016-10873
-       RESERVED
-CVE-2016-10872
-       RESERVED
+CVE-2016-10879 (The wp-live-chat-support plugin before 6.2.02 for WordPress 
has XSS. ...)
+       TODO: check
+CVE-2016-10878 (The wp-google-map-plugin plugin before 3.1.2 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2016-10877 (The wp-editor plugin before 1.2.6.3 for WordPress has multiple 
XSS iss ...)
+       TODO: check
+CVE-2016-10876 (The wp-database-backup plugin before 4.3.1 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2016-10875 (The wp-database-backup plugin before 4.3.1 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2016-10874 (The wp-database-backup plugin before 4.3.3 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2016-10873 (The wp-database-backup plugin before 4.3.3 for WordPress has 
XSS. ...)
+       TODO: check
+CVE-2016-10872 (The ultimate-member plugin before 1.3.40 for WordPress has XSS 
on the  ...)
+       TODO: check
 CVE-2016-10871
        RESERVED
 CVE-2016-10870
@@ -116,14 +164,14 @@ CVE-2016-10867
        RESERVED
 CVE-2016-10866
        RESERVED
-CVE-2015-9306
-       RESERVED
-CVE-2015-9305
-       RESERVED
-CVE-2015-9304
-       RESERVED
-CVE-2015-9303
-       RESERVED
+CVE-2015-9306 (The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2015-9305 (The wp-google-map-plugin plugin before 2.3.7 for WordPress has 
XSS rel ...)
+       TODO: check
+CVE-2015-9304 (The ultimate-member plugin before 1.3.18 for WordPress has XSS 
via tex ...)
+       TODO: check
+CVE-2015-9303 (The simple-share-buttons-adder plugin before 6.0.0 for 
WordPress has X ...)
+       TODO: check
 CVE-2015-9302
        RESERVED
 CVE-2015-9301
@@ -2442,25 +2490,27 @@ CVE-2019-14237
 CVE-2019-14236
        RESERVED
 CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
+       {DSA-4498-1}
        - python-django 2:2.2.4-1 (bug #934026)
        [jessie] - python-django <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79
 (1.11.x)
 CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
+       {DSA-4498-1}
        - python-django 2:2.2.4-1 (bug #934026)
        [jessie] - python-django <not-affected> (Vulnerable code not present)
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef
 (1.11.x)
 CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
-       {DLA-1872-1}
+       {DSA-4498-1 DLA-1872-1}
        - python-django 2:2.2.4-1 (bug #934026)
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7
 (2.2.x)
        NOTE: 
https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72
 (1.11.x)
 CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x 
before  ...)
-       {DLA-1872-1}
+       {DSA-4498-1 DLA-1872-1}
        - python-django 2:2.2.4-1 (bug #934026)
        NOTE: 
https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f
 (2.2.x)
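
Review bot: the advisory cross-references differ across the four Django entries in this hunk: CVE-2019-14235 and CVE-2019-14234 gain only {DSA-4498-1}, while CVE-2019-14233 and CVE-2019-14232 end up with {DSA-4498-1 DLA-1872-1}. That is consistent with the [jessie] - python-django <not-affected> lines on the first two, so the asymmetry looks intended; worth confirming against the advisory lists that DLA-1872-1 really covers only the latter pair.
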
@@ -5174,8 +5224,8 @@ CVE-2019-13464 (An issue was discovered in OWASP 
ModSecurity Core Rule Set (CRS)
        TODO: check
 CVE-2019-13463
        RESERVED
-CVE-2019-13462
-       RESERVED
+CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL 
injection. ...)
+       TODO: check
 CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and 
id_addre ...)
        NOT-FOR-US: PrestaShop
 CVE-2019-13460
@@ -7413,8 +7463,8 @@ CVE-2019-12620
        RESERVED
 CVE-2019-12619
        RESERVED
-CVE-2019-12618
-       RESERVED
+CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access 
Control via t ...)
+       TODO: check
 CVE-2019-12617
        RESERVED
 CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A 
vulnerability wa ...)
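
Review bot: the TODO: check on CVE-2019-12618 needs a version comparison, not only a package lookup, because the description limits the issue to HashiCorp Nomad 0.9.0 through 0.9.1. If a nomad source package is tracked, record whether its version falls in that range, or mark it <not-affected> with the reason as the [jessie] python-django lines do; if it is not packaged, mark the entry NOT-FOR-US.
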
@@ -13619,6 +13669,7 @@ CVE-2019-10217
        NOTE: https://github.com/ansible/ansible/pull/59427
 CVE-2019-10216 [-dSAFER escape via .buildfont1]
        RESERVED
+       {DSA-4499-1}
        - ghostscript <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
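
Review bot: CVE-2019-10216 now carries {DSA-4499-1}, but the package line below it still reads - ghostscript <unfixed>. Keep <unfixed> only while unstable has no fixed upload, and replace it with the fixed version as soon as one exists so the entry does not appear to contradict the advisory.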



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aec6e2ec3441549e07c08792b9436db85a6ba2ee
