Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
938a1b94 by security tracker role at 2019-09-18T20:10:20Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2019-16404
+ RESERVED
+CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for
customers to c ...)
+ TODO: check
+CVE-2019-16402
+ RESERVED
+CVE-2019-16401
+ RESERVED
+CVE-2019-16400
+ RESERVED
+CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers
from Broke ...)
+ TODO: check
CVE-2019-16398
RESERVED
CVE-2019-16397
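Review bot: CVE-2019-16403 and CVE-2019-16399 at the top of this hunk land with only "TODO: check", so neither is triaged yet. The truncated descriptions name Webkul Bagisto and Western Digital WD My Book World; if neither corresponds to a Debian source package, the follow-up should replace each TODO with a "NOT-FOR-US:" line in the form used elsewhere in this file, otherwise with a package line.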
@@ -30,10 +42,10 @@ CVE-2019-16380
RESERVED
CVE-2019-16379
RESERVED
-CVE-2016-10995
- RESERVED
-CVE-2016-10994
- RESERVED
+CVE-2016-10995 (The Tevolution plugin before 2.3.0 for WordPress has arbitrary
file up ...)
+ TODO: check
+CVE-2016-10994 (The Truemag theme 2016 Q2 for WordPress has XSS via the s
parameter. ...)
+ TODO: check
CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via
the s p ...)
TODO: check
CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via
the wp- ...)
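Review bot: CVE-2016-10995 and CVE-2016-10994 move from RESERVED to "TODO: check" and join CVE-2016-10993 in the context lines below, which is also still untriaged. All three descriptions concern WordPress plugins or themes, so they can be resolved in one pass rather than left as separate open items.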
@@ -585,10 +597,10 @@ CVE-2019-16218 (WordPress before 5.2.3 allows XSS in
stored comments. ...)
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because
wp_ajax_upl ...)
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45936
-CVE-2019-16216
- RESERVED
-CVE-2019-16215
- RESERVED
+CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME
types of upl ...)
+ TODO: check
+CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a
regular expres ...)
+ TODO: check
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular
expression for i ...)
NOT-FOR-US: Libra
CVE-2019-16213
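Review bot: The two new Zulip server entries, CVE-2019-16216 and CVE-2019-16215, carry neither a package line nor a NOT-FOR-US line. Both descriptions say "before 2.0.5", so they can be triaged together; if a package line is added, a NOTE with the upstream fix reference, like the changeset URL on CVE-2019-16217 above, would make the entry checkable.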
@@ -1523,8 +1535,8 @@ CVE-2019-15845
RESERVED
CVE-2019-15844
RESERVED
-CVE-2019-15843
- RESERVED
+CVE-2019-15843 (A malicious file upload vulnerability was discovered in Xiaomi
Millet ...)
+ TODO: check
CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for
WordPress ...)
NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress
CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for
WordPress has CS ...)
@@ -1645,7 +1657,7 @@ CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer
overflow in the zpool p
NOT-FOR-US: libzetta-rs
CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via
a large ...)
NOT-FOR-US: ROBOTIS Dynamixel SDK
-CVE-2019-15785 (FontForge through 20190801 has a buffer overflow in
PrefsUI_LoadPrefs ...)
+CVE-2019-15785 (FontForge 20190813 through 20190820 has a buffer overflow in
PrefsUI_L ...)
- fontforge <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/fontforge/fontforge/pull/3886
CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList
array ov ...)
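Review bot: The reworded CVE-2019-15785 description now bounds the affected range to 20190813 through 20190820, while the unchanged line below it still reads "- fontforge <not-affected> (Vulnerable code introduced later)". The two agree, but the parenthetical could name the release that introduced the code, so the not-affected status can be checked against archive versions without opening the linked pull request.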
@@ -4089,7 +4101,7 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and
6.x before 6.9.10-42, the
NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
NOTE: Introduced in
https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4
(6.9.10-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830
(6.9.10-42)
-CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout
Payment Ga ...)
+CVE-2019-14979 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce
PayPal Chec ...)
NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for
WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment
Gateway plugi ...)
NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
@@ -5550,8 +5562,8 @@ CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by
an integer overflow in
[stretch] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
NOTE:
https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
-CVE-2019-14458
- RESERVED
+CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a
denial of ...)
+ TODO: check
CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a
stack-base ...)
NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have
a stored ...)
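Review bot: CVE-2019-14458 is added as "TODO: check" although the next entry, CVE-2019-14457, covers the same product ("VIVOTEK IP Camera devices with firmware before 0x20x") and is already marked "NOT-FOR-US: VIVOTEK IP Camera devices". The new entry should get the same NOT-FOR-US line.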
@@ -6726,12 +6738,12 @@ CVE-2019-14256
RESERVED
CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo
up to ve ...)
NOT-FOR-US: go-camo
-CVE-2019-14254
- RESERVED
-CVE-2019-14253
- RESERVED
-CVE-2019-14252
- RESERVED
+CVE-2019-14254 (An issue was discovered in the secure portal in Publisure
2.1.2. Becau ...)
+ TODO: check
+CVE-2019-14253 (An issue was discovered in servletcontroller in the secure
portal in P ...)
+ TODO: check
+CVE-2019-14252 (An issue was discovered in the secure portal in Publisure
2.1.2. Once ...)
+ TODO: check
CVE-2019-14251
RESERVED
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in
GNU Binuti ...)
@@ -11811,8 +11823,8 @@ CVE-2019-12622 (A vulnerability in Cisco RoomOS
Software could allow an authenti
NOT-FOR-US: Cisco
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an
unauthentic ...)
NOT-FOR-US: Cisco
-CVE-2019-12620
- RESERVED
+CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco
HyperFle ...)
+ TODO: check
CVE-2019-12619
RESERVED
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access
Control via t ...)
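Review bot: CVE-2019-12620 describes the statistics collection service of Cisco HyperFlex and is left at "TODO: check", while CVE-2019-12621 directly above, also Cisco HyperFlex, is tagged "NOT-FOR-US: Cisco". Mark the new entry the same way so the two HyperFlex issues do not diverge.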
@@ -14015,7 +14027,7 @@ CVE-2019-11753
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11753
CVE-2019-11752
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14067,7 +14079,7 @@ CVE-2019-11747
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
CVE-2019-11746
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14079,7 +14091,7 @@ CVE-2019-11745
RESERVED
CVE-2019-11744
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14089,7 +14101,7 @@ CVE-2019-11744
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744
CVE-2019-11743
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14098,7 +14110,7 @@ CVE-2019-11743
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
CVE-2019-11742
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14112,7 +14124,7 @@ CVE-2019-11741
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
CVE-2019-11740
RESERVED
- {DSA-4523-1 DSA-4516-1 DLA-1910-1}
+ {DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
- thunderbird 1:60.9.0-1
@@ -14122,7 +14134,7 @@ CVE-2019-11740
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740
CVE-2019-11739
RESERVED
- {DSA-4523-1}
+ {DSA-4523-1 DLA-1926-1}
- thunderbird 1:60.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
CVE-2019-11738
@@ -20760,14 +20772,14 @@ CVE-2019-9682
RESERVED
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua
products ...)
TODO: check
-CVE-2019-9680
- RESERVED
-CVE-2019-9679
- RESERVED
-CVE-2019-9678
- RESERVED
-CVE-2019-9677
- RESERVED
+CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers
can obt ...)
+ TODO: check
+CVE-2019-9679 (Some of Dahua's Debug functions do not have permission
separation. Low ...)
+ TODO: check
+CVE-2019-9678 (Some Dahua products have the problem of denial of service
during the l ...)
+ TODO: check
+CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are
not st ...)
+ TODO: check
CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera
devices IP ...)
NOT-FOR-US: Dahua IP Camera devices
CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27
and 7. ...)
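Review bot: The four new Dahua entries, CVE-2019-9680 through CVE-2019-9677, are left at "TODO: check", as is CVE-2019-9681 in the context above, while CVE-2019-9676 just below is already "NOT-FOR-US: Dahua IP Camera devices". If these are all the same vendor firmware, mark all five consistently in one follow-up.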
@@ -26598,7 +26610,7 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing
of parameters with arbit
NOTE:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password
Vault Web A ...)
NOT-FOR-US: CyberArk Enterprise Password Vault
-CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout
Payment Ga ...)
+CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce
PayPal Chec ...)
NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and
Security Ke ...)
NOT-FOR-US: JioFi
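Review bot: CVE-2019-7441 gets the same "** DISPUTED **" prefix and the same truncated description as CVE-2019-14979 earlier in this diff, yet the two entries are tagged differently: "NOT-FOR-US: WooCommerce" here versus "NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress" there. Use one product string for both, and if they describe the same issue, record that in a NOTE line.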
@@ -41673,8 +41685,8 @@ CVE-2019-1977 (A vulnerability within the Endpoint
Learning feature of Cisco Nex
NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the &ldquo;plug-and-play&rdquo;
services co ...)
NOT-FOR-US: Cisco
-CVE-2019-1975
- RESERVED
+CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex
Software ...)
+ TODO: check
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco
Integra ...)
NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise
NFV In ...)
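Review bot: CVE-2019-1975 concerns the web-based interface of Cisco HyperFlex Software and is added as "TODO: check", but every other entry visible in this hunk (CVE-2019-1977, CVE-2019-1976, CVE-2019-1974) is "NOT-FOR-US: Cisco". The new entry should follow the same tagging.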
@@ -95296,8 +95308,8 @@ CVE-2018-1849
RESERVED
CVE-2018-1848 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is
vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2018-1847
- RESERVED
+CVE-2018-1847 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP)
v2.0.0 ...)
+ TODO: check
CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2
and 6.0 t ...)
NOT-FOR-US: IBM
CVE-2018-1845 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is
vulnerable t ...)
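Review bot: CVE-2018-1847 (IBM Financial Transaction Manager) is added as "TODO: check" between CVE-2018-1848 and CVE-2018-1846, both of which are "NOT-FOR-US: IBM". Tag the new entry the same way rather than leaving it open.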
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/938a1b94f1597cc710a81e8050c9dad6d5494a1d