Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
66874c00 by security tracker role at 2019-08-17T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2019-15124
+       RESERVED
 CVE-2019-15123
        RESERVED
 CVE-2019-15122
@@ -14,14 +16,14 @@ CVE-2019-15118 (check_input_term in sound/usb/mixer.c in 
the Linux kernel throug
 CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux 
kernel throug ...)
        - linux <unfixed>
        NOTE: Fixed by: 
https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
-CVE-2019-15116
-       RESERVED
-CVE-2019-15115
-       RESERVED
-CVE-2019-15114
-       RESERVED
-CVE-2019-15113
-       RESERVED
+CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress 
has XSS  ...)
+       TODO: check
+CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress 
has CSRF. ...)
+       TODO: check
+CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress 
has CSRF. ...)
+       TODO: check
+CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for 
WordPress has  ...)
+       TODO: check
 CVE-2019-15112
        RESERVED
 CVE-2019-15111
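
Review bot: The four entries filled in at CVE-2019-15116 through CVE-2019-15113 all stop at "TODO: check", and each one names a WordPress plugin (easy-digital-downloads, peters-login-redirect, formcraft-form-builder, companion-sitemap-generator). Other WordPress plugin entries in this same file are closed out as "NOT-FOR-US: <plugin> plugin for WordPress", so these can receive the same one-line triage once it is confirmed that none of the plugins is packaged.
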
@@ -76,14 +78,14 @@ CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as 
used on Dell laptops,
        TODO: check
 CVE-2019-15083
        RESERVED
-CVE-2018-20974
-       RESERVED
-CVE-2018-20973
-       RESERVED
-CVE-2018-20972
-       RESERVED
-CVE-2018-20971
-       RESERVED
+CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
+       TODO: check
+CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress 
has local  ...)
+       TODO: check
+CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress 
has CSRF. ...)
+       TODO: check
+CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF 
affecting ...)
+       TODO: check
 CVE-2018-20970
        RESERVED
 CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not 
block string ...)
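
Review bot: CVE-2018-20973 and CVE-2018-20972 both describe the companion-auto-update plugin before 3.2.1, so their "TODO: check" lines should be resolved together with one consistent result; the truncated descriptions differ only in the issue class ("has local ..." versus "has CSRF"). CVE-2018-20974 (js-jobs) and CVE-2018-20971 (church-admin) are also WordPress plugins and can be handled in the same pass.
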
@@ -92,20 +94,20 @@ CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 
2.7.6 does not block
        NOTE: 
https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
 CVE-2017-18548 (The note-press plugin before 0.1.2 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: note-press plugin for WordPress
-CVE-2017-18547
-       RESERVED
-CVE-2017-18546
-       RESERVED
-CVE-2017-18545
-       RESERVED
-CVE-2017-18544
-       RESERVED
-CVE-2017-18543
-       RESERVED
-CVE-2017-18542
-       RESERVED
-CVE-2017-18541
-       RESERVED
+CVE-2017-18547 (The nelio-ab-testing plugin before 4.6.4 for WordPress has 
CSRF in exp ...)
+       TODO: check
+CVE-2017-18546 (The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF. 
...)
+       TODO: check
+CVE-2017-18545 (The invite-anyone plugin before 1.3.16 for WordPress has 
incorrect esc ...)
+       TODO: check
+CVE-2017-18544 (The invite-anyone plugin before 1.3.16 for WordPress has 
admin-panel C ...)
+       TODO: check
+CVE-2017-18543 (The invite-anyone plugin before 1.3.16 for WordPress has 
incorrect acc ...)
+       TODO: check
+CVE-2017-18542 (The zendesk-help-center plugin before 1.0.5 for WordPress has 
multiple ...)
+       TODO: check
+CVE-2017-18541 (The xo-security plugin before 1.5.3 for WordPress has XSS. ...)
+       TODO: check
 CVE-2017-18540
        RESERVED
 CVE-2017-18539
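
Review bot: The context line directly above the change shows the expected end state for this kind of entry ("NOT-FOR-US: note-press plugin for WordPress" under CVE-2017-18548), while all seven added entries are left at "TODO: check". Three of them (CVE-2017-18545, CVE-2017-18544, CVE-2017-18543) are the invite-anyone plugin before 1.3.16 and share a fixed version, so one lookup settles all three.
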
@@ -160,18 +162,18 @@ CVE-2015-9326 (The wp-business-intelligence-lite plugin 
before 1.6.3 for WordPre
        NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
 CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: visitors-online plugin for WordPress
-CVE-2015-9324
-       RESERVED
-CVE-2015-9323
-       RESERVED
-CVE-2015-9322
-       RESERVED
+CVE-2015-9324 (The easy-digital-downloads plugin before 2.3.3 for WordPress 
has SQL i ...)
+       TODO: check
+CVE-2015-9323 (The 404-to-301 plugin before 2.0.3 for WordPress has SQL 
injection. ...)
+       TODO: check
+CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for 
WordPress ...)
+       TODO: check
 CVE-2015-9321
        RESERVED
 CVE-2015-9320
        RESERVED
-CVE-2014-10376
-       RESERVED
+CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL 
injecti ...)
+       TODO: check
 CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel 
through 5.2. ...)
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
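
Review bot: For CVE-2015-9322 the truncated description ends at "for WordPress ...", so the list line alone does not say what the issue is; that "TODO: check" needs the full CVE description before it can be resolved. CVE-2015-9324 names easy-digital-downloads, the same plugin as CVE-2019-15116 earlier in this diff, and the two should end up with the same triage line, in the form already used by the context entries above (CVE-2015-9326, CVE-2015-9325).
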
@@ -7793,7 +7795,7 @@ CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby 
allows XSS. ...)
 CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 
5.10.2 are af ...)
        NOT-FOR-US: Snapview Mikogo
 CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 
and 4.x  ...)
-       {DSA-4449-1}
+       {DSA-4502-1 DSA-4449-1}
        - ffmpeg 7:4.1.4-1 (low; bug #932469)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
 CVE-2019-12729
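
Review bot: On CVE-2019-12730 the brace line now lists two advisories, "DSA-4502-1 DSA-4449-1", but the rest of the entry is unchanged and still carries a single package line, "- ffmpeg 7:4.1.4-1 (low; bug #932469)". Nothing in the visible entry says which release DSA-4502-1 covers or at what version, so confirm that the advisory's own record names this CVE and its fixed version before relying on this cross-reference.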



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/66874c0091b028f50acebf85f259b61a166d1488
