[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Fri, 23 Aug 2019 01:10:48 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e8e4c7f3 by security tracker role at 2019-08-23T08:10:13Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,381 @@
-CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 
9.1.2 for W ...)
-       NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for 
WordPress
-CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
-       NOT-FOR-US: webp-express plugin for WordPress
-CVE-2019-15329
+CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the 
Unified ...)
+       TODO: check
+CVE-2019-15512
+       RESERVED
+CVE-2019-15511
+       RESERVED
+CVE-2019-15510
+       RESERVED
+CVE-2019-15509
+       RESERVED
+CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web 
request proxy  ...)
+       TODO: check
+CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web 
request pr ...)
+       TODO: check
+CVE-2019-15506
+       RESERVED
+CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel 
through ...)
+       TODO: check
+CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel 
through 5.2 ...)
+       TODO: check
+CVE-2019-15503
+       RESERVED
+CVE-2019-15502
+       RESERVED
+CVE-2019-15501
+       RESERVED
+CVE-2019-15500
+       RESERVED
+CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME 
element wi ...)
+       TODO: check
+CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 
allows rem ...)
+       TODO: check
+CVE-2019-15497
+       RESERVED
+CVE-2019-15496
+       RESERVED
+CVE-2019-15495
+       RESERVED
+CVE-2019-15494
+       RESERVED
+CVE-2019-15493
+       RESERVED
+CVE-2019-15492
+       RESERVED
+CVE-2019-15491
+       RESERVED
+CVE-2019-15490
+       RESERVED
+CVE-2019-15489
+       RESERVED
+CVE-2019-15488
+       RESERVED
+CVE-2019-15487
+       RESERVED
+CVE-2019-15486
+       RESERVED
+CVE-2019-15485
+       RESERVED
+CVE-2019-15484
+       RESERVED
+CVE-2019-15483
+       RESERVED
+CVE-2019-15482
+       RESERVED
+CVE-2019-15481
+       RESERVED
+CVE-2019-15480
+       RESERVED
+CVE-2019-15479
+       RESERVED
+CVE-2019-15478
+       RESERVED
+CVE-2019-15477
+       RESERVED
+CVE-2019-15476
+       RESERVED
+CVE-2019-15475
+       RESERVED
+CVE-2019-15474
+       RESERVED
+CVE-2019-15473
+       RESERVED
+CVE-2019-15472
+       RESERVED
+CVE-2019-15471
+       RESERVED
+CVE-2019-15470
+       RESERVED
+CVE-2019-15469
+       RESERVED
+CVE-2019-15468
+       RESERVED
+CVE-2019-15467
+       RESERVED
+CVE-2019-15466
+       RESERVED
+CVE-2019-15465
+       RESERVED
+CVE-2019-15464
+       RESERVED
+CVE-2019-15463
+       RESERVED
+CVE-2019-15462
+       RESERVED
+CVE-2019-15461
+       RESERVED
+CVE-2019-15460
+       RESERVED
+CVE-2019-15459
+       RESERVED
+CVE-2019-15458
+       RESERVED
+CVE-2019-15457
+       RESERVED
+CVE-2019-15456
+       RESERVED
+CVE-2019-15455
+       RESERVED
+CVE-2019-15454
+       RESERVED
+CVE-2019-15453
+       RESERVED
+CVE-2019-15452
+       RESERVED
+CVE-2019-15451
+       RESERVED
+CVE-2019-15450
+       RESERVED
+CVE-2019-15449
+       RESERVED
+CVE-2019-15448
+       RESERVED
+CVE-2019-15447
+       RESERVED
+CVE-2019-15446
+       RESERVED
+CVE-2019-15445
+       RESERVED
+CVE-2019-15444
+       RESERVED
+CVE-2019-15443
+       RESERVED
+CVE-2019-15442
+       RESERVED
+CVE-2019-15441
+       RESERVED
+CVE-2019-15440
+       RESERVED
+CVE-2019-15439
+       RESERVED
+CVE-2019-15438
+       RESERVED
+CVE-2019-15437
+       RESERVED
+CVE-2019-15436
+       RESERVED
+CVE-2019-15435
+       RESERVED
+CVE-2019-15434
+       RESERVED
+CVE-2019-15433
+       RESERVED
+CVE-2019-15432
+       RESERVED
+CVE-2019-15431
+       RESERVED
+CVE-2019-15430
+       RESERVED
+CVE-2019-15429
+       RESERVED
+CVE-2019-15428
+       RESERVED
+CVE-2019-15427
+       RESERVED
+CVE-2019-15426
+       RESERVED
+CVE-2019-15425
+       RESERVED
+CVE-2019-15424
+       RESERVED
+CVE-2019-15423
+       RESERVED
+CVE-2019-15422
+       RESERVED
+CVE-2019-15421
+       RESERVED
+CVE-2019-15420
+       RESERVED
+CVE-2019-15419
+       RESERVED
+CVE-2019-15418
+       RESERVED
+CVE-2019-15417
+       RESERVED
+CVE-2019-15416
+       RESERVED
+CVE-2019-15415
+       RESERVED
+CVE-2019-15414
+       RESERVED
+CVE-2019-15413
+       RESERVED
+CVE-2019-15412
+       RESERVED
+CVE-2019-15411
        RESERVED
-CVE-2019-15328
+CVE-2019-15410
        RESERVED
-CVE-2019-15327
+CVE-2019-15409
        RESERVED
-CVE-2019-15326
+CVE-2019-15408
        RESERVED
-CVE-2019-15325
+CVE-2019-15407
        RESERVED
+CVE-2019-15406
+       RESERVED
+CVE-2019-15405
+       RESERVED
+CVE-2019-15404
+       RESERVED
+CVE-2019-15403
+       RESERVED
+CVE-2019-15402
+       RESERVED
+CVE-2019-15401
+       RESERVED
+CVE-2019-15400
+       RESERVED
+CVE-2019-15399
+       RESERVED
+CVE-2019-15398
+       RESERVED
+CVE-2019-15397
+       RESERVED
+CVE-2019-15396
+       RESERVED
+CVE-2019-15395
+       RESERVED
+CVE-2019-15394
+       RESERVED
+CVE-2019-15393
+       RESERVED
+CVE-2019-15392
+       RESERVED
+CVE-2019-15391
+       RESERVED
+CVE-2019-15390
+       RESERVED
+CVE-2019-15389
+       RESERVED
+CVE-2019-15388
+       RESERVED
+CVE-2019-15387
+       RESERVED
+CVE-2019-15386
+       RESERVED
+CVE-2019-15385
+       RESERVED
+CVE-2019-15384
+       RESERVED
+CVE-2019-15383
+       RESERVED
+CVE-2019-15382
+       RESERVED
+CVE-2019-15381
+       RESERVED
+CVE-2019-15380
+       RESERVED
+CVE-2019-15379
+       RESERVED
+CVE-2019-15378
+       RESERVED
+CVE-2019-15377
+       RESERVED
+CVE-2019-15376
+       RESERVED
+CVE-2019-15375
+       RESERVED
+CVE-2019-15374
+       RESERVED
+CVE-2019-15373
+       RESERVED
+CVE-2019-15372
+       RESERVED
+CVE-2019-15371
+       RESERVED
+CVE-2019-15370
+       RESERVED
+CVE-2019-15369
+       RESERVED
+CVE-2019-15368
+       RESERVED
+CVE-2019-15367
+       RESERVED
+CVE-2019-15366
+       RESERVED
+CVE-2019-15365
+       RESERVED
+CVE-2019-15364
+       RESERVED
+CVE-2019-15363
+       RESERVED
+CVE-2019-15362
+       RESERVED
+CVE-2019-15361
+       RESERVED
+CVE-2019-15360
+       RESERVED
+CVE-2019-15359
+       RESERVED
+CVE-2019-15358
+       RESERVED
+CVE-2019-15357
+       RESERVED
+CVE-2019-15356
+       RESERVED
+CVE-2019-15355
+       RESERVED
+CVE-2019-15354
+       RESERVED
+CVE-2019-15353
+       RESERVED
+CVE-2019-15352
+       RESERVED
+CVE-2019-15351
+       RESERVED
+CVE-2019-15350
+       RESERVED
+CVE-2019-15349
+       RESERVED
+CVE-2019-15348
+       RESERVED
+CVE-2019-15347
+       RESERVED
+CVE-2019-15346
+       RESERVED
+CVE-2019-15345
+       RESERVED
+CVE-2019-15344
+       RESERVED
+CVE-2019-15343
+       RESERVED
+CVE-2019-15342
+       RESERVED
+CVE-2019-15341
+       RESERVED
+CVE-2019-15340
+       RESERVED
+CVE-2019-15339
+       RESERVED
+CVE-2019-15338
+       RESERVED
+CVE-2019-15337
+       RESERVED
+CVE-2019-15336
+       RESERVED
+CVE-2019-15335
+       RESERVED
+CVE-2019-15334
+       RESERVED
+CVE-2019-15333
+       RESERVED
+CVE-2019-15332
+       RESERVED
+CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 
9.1.2 for W ...)
+       NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for 
WordPress
+CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has 
insufficient  ...)
+       NOT-FOR-US: webp-express plugin for WordPress
+CVE-2019-15329 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
+       TODO: check
+CVE-2019-15328 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for 
WordPre ...)
+       TODO: check
+CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for 
WordPre ...)
+       TODO: check
+CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for 
WordPre ...)
+       TODO: check
+CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but 
/etc/sysctl.d/1 ...)
+       TODO: check
 CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval 
injection in the ...)
        NOT-FOR-US: wpgform plugin for WordPress
 CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has 
PHP objec ...)
@@ -30,8 +394,8 @@ CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for 
WordPress has insuffic
        NOT-FOR-US: wp-file-upload plugin for WordPress
 CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has 
JavaScript inje ...)
        NOT-FOR-US: rich-counter plugin for WordPress
-CVE-2014-10393
-       RESERVED
+CVE-2014-10393 (The cforms2 plugin before 10.5 for WordPress has XSS. ...)
+       TODO: check
 CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
        NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 
for Wor ...)
@@ -66,8 +430,8 @@ CVE-2019-15316 (Valve Steam Client for Windows through 
2019-08-20 has weak folde
        NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows 
privilege esc ...)
        NOT-FOR-US: Valve Steam Client for Windows
-CVE-2018-20986
-       RESERVED
+CVE-2018-20986 (The advanced-custom-fields plugin before 5.7.8 for WordPress 
has XSS b ...)
+       TODO: check
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local 
file inc ...)
        NOT-FOR-US: wp-payeezy-pay plugin for WordPress
 CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has 
Object Injec ...)
@@ -82,8 +446,8 @@ CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for 
WordPress has parameter
        NOT-FOR-US: ninja-forms plugin for WordPress
 CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has 
privilege esc ...)
        NOT-FOR-US: contact-form-7 plugin for WordPress
-CVE-2017-18585
-       RESERVED
+CVE-2017-18585 (The posts-in-page plugin before 1.3.0 for WordPress has 
ic_add_posts t ...)
+       TODO: check
 CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no 
permissi ...)
        NOT-FOR-US: post-pay-counter plugin for WordPress
 CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP 
Object  ...)
@@ -94,10 +458,10 @@ CVE-2017-18581 (The time-sheets plugin before 1.5.0 for 
WordPress has XSS via th
        NOT-FOR-US: time-sheets plugin for WordPress
 CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has 
remote c ...)
        NOT-FOR-US: shortcodes-ultimate plugin for WordPress
-CVE-2017-18579
-       RESERVED
-CVE-2017-18578
-       RESERVED
+CVE-2017-18579 (The corner-ad plugin before 1.0.8 for WordPress has XSS. ...)
+       TODO: check
+CVE-2017-18578 (The crafty-social-buttons plugin before 1.5.8 for WordPress 
has XSS. ...)
+       TODO: check
 CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS 
via the ...)
        NOT-FOR-US: mailchimp-for-wp plugin for WordPress
 CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS 
via the l ...)
@@ -114,10 +478,10 @@ CVE-2017-18571 (The search-everything plugin before 8.1.7 
for WordPress has SQL
        NOT-FOR-US: search-everything plugin for WordPress
 CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL 
injection in the ...)
        NOT-FOR-US: cforms2 plugin for WordPress
-CVE-2016-10929
-       RESERVED
-CVE-2016-10928
-       RESERVED
+CVE-2016-10929 (The advanced-ajax-page-loader plugin before 2.7.7 for 
WordPress has no ...)
+       TODO: check
+CVE-2016-10928 (The onelogin-saml-sso plugin before 2.2.0 for WordPress has a 
hardcode ...)
+       TODO: check
 CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has 
SSRF in aj ...)
        NOT-FOR-US: nelio-ab-testing plugin for WordPress
 CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has 
SSRF in aja ...)
@@ -148,8 +512,8 @@ CVE-2015-9336 (The clean-login plugin before 1.5.1 for 
WordPress has reflected X
        NOT-FOR-US: clean-login plugin for WordPress
 CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL 
injection ...)
        NOT-FOR-US: limit-attempts plugin for WordPress
-CVE-2015-9334
-       RESERVED
+CVE-2015-9334 (The email-newsletter plugin through 20.15 for WordPress has SQL 
inject ...)
+       TODO: check
 CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL 
injection. ...)
        NOT-FOR-US: cforms2 plugin for WordPress
 CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress 
has XSS  ...)
@@ -158,10 +522,10 @@ CVE-2014-10384 (The memphis-documents-library plugin 
before 3.0 for WordPress ha
        NOT-FOR-US: memphis-documents-library plugin for WordPress
 CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress 
has Remo ...)
        NOT-FOR-US: memphis-documents-library plugin for WordPress
-CVE-2014-10382
-       RESERVED
-CVE-2013-7483
-       RESERVED
+CVE-2014-10382 (The feature-comments plugin before 1.2.5 for WordPress has 
CSRF for fe ...)
+       TODO: check
+CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file 
inclusion. ...)
+       TODO: check
 CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. 
...)
        NOT-FOR-US: reflex-gallery plugin for WordPress
 CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has 
XSS. ...)
@@ -7430,8 +7794,7 @@ CVE-2019-13141
        RESERVED
 CVE-2019-13140
        RESERVED
-CVE-2019-13139 [command injection due to a missing validation of the git ref 
command]
-       RESERVED
+CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of 
supplying or m ...)
        [experimental] - docker.io 18.09.5+dfsg1-1
        - docker.io 18.09.1+dfsg1-8 (bug #933002)
        [buster] - docker.io <no-dsa> (Minor issue)
@@ -20184,6 +20547,7 @@ CVE-2019-8697
        RESERVED
 CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
        RESERVED
+       {DLA-1893-1}
        - cups 2.2.12-1 (bug #934957)
        [buster] - cups <no-dsa> (Minor issue, can be fixed via point release)
        [stretch] - cups <no-dsa> (Minor issue, can be fixed via point release)
@@ -20230,6 +20594,7 @@ CVE-2019-8676
        RESERVED
 CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
        RESERVED
+       {DLA-1893-1}
        - cups 2.2.12-1 (bug #934957)
        [buster] - cups <no-dsa> (Minor issue, can be fixed via point release)
        [stretch] - cups <no-dsa> (Minor issue, can be fixed via point release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e4c7f3b207eadb5204aa3324ee019b036c16c0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e8e4c7f3b207eadb5204aa3324ee019b036c16c0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to