Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fb92ed3 by security tracker role at 2019-08-14T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,82 +1,126 @@
-CVE-2019-15033
-       RESERVED
-CVE-2019-15032
-       RESERVED
-CVE-2019-15031
-       RESERVED
-CVE-2019-15030
-       RESERVED
-CVE-2019-15029
-       RESERVED
-CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact 
could allow ...)
-       NOT-FOR-US: Joomla!
-CVE-2019-15027
-       RESERVED
-CVE-2019-15026
-       RESERVED
-CVE-2019-15025
-       RESERVED
-CVE-2018-20968
+CVE-2019-15055
        RESERVED
-CVE-2018-20967
+CVE-2019-15054
        RESERVED
-CVE-2017-18515
-       RESERVED
-CVE-2017-18514
-       RESERVED
-CVE-2017-18513
-       RESERVED
-CVE-2017-18512
-       RESERVED
-CVE-2017-18511
-       RESERVED
-CVE-2017-18510
-       RESERVED
-CVE-2016-10889
+CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for 
Confluenc ...)
+       TODO: check
+CVE-2019-15052
        RESERVED
-CVE-2016-10888
+CVE-2019-15051
        RESERVED
-CVE-2016-10887
+CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
+       TODO: check
+CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
+       TODO: check
+CVE-2019-15048 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
+       TODO: check
+CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a 
heap-based buffe ...)
+       TODO: check
+CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows 
unauthentica ...)
+       TODO: check
+CVE-2019-15045
        RESERVED
-CVE-2016-10886
+CVE-2019-15044
        RESERVED
-CVE-2016-10885
+CVE-2019-15043
        RESERVED
-CVE-2016-10884
+CVE-2019-15042
        RESERVED
-CVE-2016-10883
+CVE-2019-15041
        RESERVED
-CVE-2016-10882
+CVE-2019-15040
        RESERVED
-CVE-2016-10881
+CVE-2019-15039
        RESERVED
-CVE-2016-10880
+CVE-2019-15038
        RESERVED
-CVE-2015-9316
+CVE-2019-15037
        RESERVED
-CVE-2015-9315
+CVE-2019-15036
        RESERVED
-CVE-2015-9314
+CVE-2019-15035
        RESERVED
-CVE-2015-9313
+CVE-2019-15034
        RESERVED
-CVE-2015-9312
+CVE-2019-15033
        RESERVED
-CVE-2015-9311
+CVE-2019-15032
        RESERVED
-CVE-2015-9310
+CVE-2019-15031
        RESERVED
-CVE-2015-9309
+CVE-2019-15030
        RESERVED
-CVE-2015-9308
+CVE-2019-15029
        RESERVED
-CVE-2015-9307
+CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact 
could allow ...)
+       NOT-FOR-US: Joomla!
+CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for 
Android on  ...)
+       TODO: check
+CVE-2019-15026
        RESERVED
+CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL 
injection ...)
+       TODO: check
+CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress 
has CSR ...)
+       TODO: check
+CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL 
injection ...)
+       TODO: check
+CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL 
injecti ...)
+       TODO: check
+CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no 
CSRF prot ...)
+       TODO: check
+CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress 
has CSRF ...)
+       TODO: check
+CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has 
CSRF. ...)
+       TODO: check
+CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF 
related ...)
+       TODO: check
+CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL 
injecti ...)
+       TODO: check
+CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 
for WordPr ...)
+       TODO: check
+CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 
for WordPr ...)
+       TODO: check
+CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect 
permissi ...)
+       TODO: check
+CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
+       TODO: check
+CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has 
multiple C ...)
+       TODO: check
+CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress 
has CSRF ...)
+       TODO: check
+CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress 
has CSR ...)
+       TODO: check
+CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress 
has XSS ...)
+       TODO: check
+CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has 
SQL injec ...)
+       TODO: check
+CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL 
injection. ...)
+       TODO: check
+CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS 
related to  ...)
+       TODO: check
+CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL 
injection r ...)
+       TODO: check
+CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS 
related to  ...)
+       TODO: check
+CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has 
reflected XSS. ...)
+       TODO: check
+CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for 
WordPr ...)
+       TODO: check
+CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has 
CSRF i ...)
+       TODO: check
+CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has 
CSRF i ...)
+       TODO: check
+CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has 
CSRF i ...)
+       TODO: check
 CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 
mishandles a nega ...)
        - libexosip2 <unfixed> (bug #934766)
        NOTE: 
http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
-CVE-2013-7476
-       RESERVED
+CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in 
the admi ...)
+       TODO: check
 CVE-2019-15024
        RESERVED
 CVE-2019-15023
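Review bot: most of the entries added at the top of data/CVE/list with "TODO: check" are WordPress plugin issues (CVE-2019-15025, then the run from CVE-2018-20968 to CVE-2015-9307, and CVE-2013-7476), so they can be triaged in one pass rather than one at a time. If no Debian source package ships these plugins, tag each with NOT-FOR-US and the plugin name, the way CVE-2019-15028 keeps "NOT-FOR-US: Joomla!" through the move. The four Bento4 entries (CVE-2019-15047 to CVE-2019-15050) show the same truncated description here, so whoever triages them needs the full CVE text to tell them apart.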
@@ -180,10 +224,10 @@ CVE-2019-14977
        RESERVED
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords 
parameter ...)
        NOT-FOR-US: idreamsoft iCMS
-CVE-2019-14975
-       RESERVED
-CVE-2019-14974
-       RESERVED
+CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read 
in fz_ch ...)
+       TODO: check
+CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows 
mobile/error-not-supported-platform.h ...)
+       TODO: check
 CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF 
through ...)
        - tiff 4.0.10+git190814-1 (bug #934780)
        - tiff3 <removed>
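Review bot: CVE-2019-14975 (Artifex MuPDF before 1.16.0, heap-based buffer over-read) should not stay at "TODO: check" for long, because MuPDF is packaged in Debian and the entry needs a source-package line with a fixed version or <unfixed>, in the same form as the CVE-2019-14973 entry just below ("- tiff 4.0.10+git190814-1 (bug #934780)"). CVE-2019-14974 (SugarCRM Enterprise) in the same hunk is a separate decision and should not be resolved with the same tag by habit.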
@@ -10204,8 +10248,8 @@ CVE-2019-11654
        RESERVED
 CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. 
versions  ...)
        NOT-FOR-US: Micro Focus
-CVE-2019-11652
-       RESERVED
+CVE-2019-11652 (A potential authorization bypass issue was found in Micro 
Focus Self S ...)
+       TODO: check
 CVE-2019-11651
        RESERVED
 CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ 
Advance ...)
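Review bot: CVE-2019-11652 moves from RESERVED to "TODO: check" while its neighbour CVE-2019-11653, from the same vendor, is already tagged "NOT-FOR-US: Micro Focus". If the full description confirms a Micro Focus product, use the same tag so the two adjacent entries stay consistent.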
@@ -13948,13 +13992,13 @@ CVE-2019-10203 [PowerDNS Security Advisory 2019-06: 
Denial of service via crafte
        NOTE: 
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
 CVE-2019-10202
        RESERVED
-CVE-2019-10201
-       RESERVED
+CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 
6.0.1, did no ...)
+       TODO: check
 CVE-2019-10200
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2019-10199
-       RESERVED
+CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did 
not per ...)
+       TODO: check
 CVE-2019-10198 (An authentication bypass vulnerability was discovered in 
foreman-tasks ...)
        - foreman <itp> (bug #663101)
 CVE-2019-10197
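Review bot: CVE-2019-10201 and CVE-2019-10199 both name Keycloak (SAML broker and account console, up to 6.0.1) and both land as "TODO: check"; resolve them together so they get the same product decision. That is either a NOT-FOR-US tag or, if packaging is pending, an <itp> line in the form the CVE-2019-10198 entry below uses ("- foreman <itp> (bug #663101)").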
@@ -16835,8 +16879,8 @@ CVE-2019-9508
        RESERVED
 CVE-2019-9507
        RESERVED
-CVE-2019-9506
-       RESERVED
+CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 
5.1 per ...)
+       TODO: check
 CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and 
includi ...)
        NOT-FOR-US: PrinterLogic Print Management
 CVE-2019-9504
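Review bot: CVE-2019-9506 is described as a flaw in the Bluetooth BR/EDR specification itself, so the "TODO: check" here cannot be closed with a single vendor tag the way the PrinterLogic entry below is. Triage has to list each affected Debian source package on its own line with its own fixed or <unfixed> status.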
@@ -20409,8 +20453,8 @@ CVE-2019-8064
        RESERVED
 CVE-2019-8063
        RESERVED
-CVE-2019-8062
-       RESERVED
+CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure 
library l ...)
+       TODO: check
 CVE-2019-8061
        RESERVED
 CVE-2019-8060
@@ -20611,8 +20655,8 @@ CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and 
earlier versions have an out of
        NOT-FOR-US: Adobe Bridge CC
 CVE-2019-7962
        RESERVED
-CVE-2019-7961
-       RESERVED
+CVE-2019-7961 (Adobe Prelude CC versions 8.1 and earlier have an insecure 
library loa ...)
+       TODO: check
 CVE-2019-7960
        RESERVED
 CVE-2019-7959
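Review bot: CVE-2019-7961 (Adobe Prelude CC) is added as "TODO: check" directly after an Adobe entry that is already resolved as "NOT-FOR-US: Adobe Bridge CC", so the tag form to use is visible in this hunk's own context. The same commit adds CVE-2019-8062, CVE-2019-7931 and CVE-2019-7870 with the same "insecure library" wording for other Adobe products; tag all four in one follow-up, each with its own product name.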
@@ -20671,8 +20715,8 @@ CVE-2019-7933
        RESERVED
 CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open 
Source pr ...)
        NOT-FOR-US: Magento
-CVE-2019-7931
-       RESERVED
+CVE-2019-7931 (Adobe Premiere Pro CC versions 13.1.2 and earlier have an 
insecure lib ...)
+       TODO: check
 CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 
2.1.18 ...)
        NOT-FOR-US: Magento
 CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 
prior to 2. ...)
@@ -20793,8 +20837,8 @@ CVE-2019-7872 (An insecure direct object reference 
(IDOR) vulnerability exists i
        NOT-FOR-US: Magento
 CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, 
Magento 2.2 p ...)
        NOT-FOR-US: Magento
-CVE-2019-7870
-       RESERVED
+CVE-2019-7870 (Adobe Character Animator versions 2.1 and earlier have an 
insecure lib ...)
+       TODO: check
 CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin 
panel  ...)
        NOT-FOR-US: Magento
 CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin 
panel  ...)
@@ -30226,7 +30270,7 @@ CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 
and prior contain a hard
        NOT-FOR-US: Arlo Basestation firmware
 CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware 
contain a  ...)
        NOT-FOR-US: Arlo Basestation firmware
-CVE-2019-3948 (The Amcrest IP2M-841B IP camera firmware version 
V2.520.AC00.18.R does ...)
+CVE-2019-3948 (The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX 
V2.622.0000000 ...)
        NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
 CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database 
credentials in  ...)
        NOT-FOR-US: Fuji Electric V-Server
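Review bot: the description of CVE-2019-3948 now also names Dahua IPC-XXBXX, but the tag line below it still reads "NOT-FOR-US: Amcrest IP2M-841B IP camera firmware". Widen the tag to cover the Dahua firmware as well, so a search of the list for Dahua finds this entry.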
@@ -31124,16 +31168,16 @@ CVE-2019-3641
        RESERVED
 CVE-2019-3640
        RESERVED
-CVE-2019-3639
-       RESERVED
+CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee 
Web Gate ...)
+       TODO: check
 CVE-2019-3638
        RESERVED
-CVE-2019-3637
-       RESERVED
+CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 
5.1.0.20 ...)
+       TODO: check
 CVE-2019-3636
        RESERVED
-CVE-2019-3635
-       RESERVED
+CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior 
to 7.8. ...)
+       TODO: check
 CVE-2019-3634
        RESERVED
 CVE-2019-3633
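Review bot: the three McAfee entries added here cover two different products, McAfee Web Gateway (CVE-2019-3639, CVE-2019-3635) and McAfee FRP (CVE-2019-3637). When the "TODO: check" lines are resolved, name the product in each tag rather than using one vendor-wide tag for all three.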
@@ -41318,48 +41362,48 @@ CVE-2019-0353
        RESERVED
 CVE-2019-0352
        RESERVED
-CVE-2019-0351
-       RESERVED
+CVE-2019-0351 (A remote code execution vulnerability exists in the SAP 
NetWeaver UDDI ...)
+       TODO: check
 CVE-2019-0350
        RESERVED
-CVE-2019-0349
-       RESERVED
-CVE-2019-0348
-       RESERVED
+CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 
7.22, 7. ...)
+       TODO: check
+CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web 
Intelligence), ...)
+       TODO: check
 CVE-2019-0347
        RESERVED
-CVE-2019-0346
-       RESERVED
-CVE-2019-0345
-       RESERVED
-CVE-2019-0344
-       RESERVED
-CVE-2019-0343
-       RESERVED
+CVE-2019-0346 (Unencrypted communication error in SAP Business Objects 
Business Intel ...)
+       TODO: check
+CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in 
SAP NetWe ...)
+       TODO: check
+CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud 
(virtualjdbc  ...)
+       TODO: check
+CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 
6.5, 6.6 ...)
+       TODO: check
 CVE-2019-0342
        RESERVED
-CVE-2019-0341
-       RESERVED
-CVE-2019-0340
-       RESERVED
+CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does 
not have ...)
+       TODO: check
+CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before 
version  ...)
+       TODO: check
 CVE-2019-0339
        RESERVED
-CVE-2019-0338
-       RESERVED
-CVE-2019-0337
-       RESERVED
+CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 
751, 752,  ...)
+       TODO: check
+CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, 
versions 7.10 ...)
+       TODO: check
 CVE-2019-0336
        RESERVED
-CVE-2019-0335
-       RESERVED
-CVE-2019-0334
-       RESERVED
-CVE-2019-0333
-       RESERVED
-CVE-2019-0332
-       RESERVED
-CVE-2019-0331
-       RESERVED
+CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business 
Intelligence Pla ...)
+       TODO: check
+CVE-2019-0334 (When creating a module in SAP BusinessObjects Business 
Intelligence Pl ...)
+       TODO: check
+CVE-2019-0333 (In some situations, when a client cancels a query in SAP 
BusinessObjec ...)
+       TODO: check
+CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), 
versio ...)
+       TODO: check
+CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business 
Intelligence Pl ...)
+       TODO: check
 CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the 
OSCommand C ...)
        NOT-FOR-US: SAP
 CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently 
encode use ...)
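Review bot: sixteen SAP entries (CVE-2019-0351 down to CVE-2019-0331) move from RESERVED to "TODO: check" in this hunk, while the context lines directly below already resolve CVE-2019-0330 as "NOT-FOR-US: SAP". Resolve the new entries with the same tag in a single follow-up commit so the SAP block does not sit half-triaged.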



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fb92ed3a694ad8a47f1e6b0191aeeda52f89930



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
