Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c2f0133 by security tracker role at 2019-10-07T20:10:27Z
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@ +CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17317 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...) + TODO: check +CVE-2019-17316 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...) + TODO: check +CVE-2019-17315 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...) + TODO: check +CVE-2019-17314 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...) + TODO: check +CVE-2019-17313 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...) + TODO: check +CVE-2019-17312 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...) + TODO: check +CVE-2019-17311 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...) + TODO: check +CVE-2019-17310 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17309 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17308 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17307 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17306 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17305 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17304 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17303 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17302 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) 
+ TODO: check +CVE-2019-17301 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17300 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17299 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...) + TODO: check +CVE-2019-17298 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17297 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17296 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17295 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17294 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17293 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17292 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) + TODO: check +CVE-2019-17291 + RESERVED +CVE-2019-17290 + RESERVED +CVE-2019-17289 + RESERVED +CVE-2019-17288 + RESERVED +CVE-2019-17287 + RESERVED +CVE-2019-17286 + RESERVED +CVE-2019-17285 + RESERVED +CVE-2019-17284 + RESERVED +CVE-2019-17283 + RESERVED +CVE-2019-17282 + RESERVED +CVE-2019-17281 + RESERVED +CVE-2019-17280 + RESERVED +CVE-2019-17279 + RESERVED +CVE-2019-17278 + RESERVED +CVE-2019-17277 + RESERVED +CVE-2019-17276 + RESERVED +CVE-2019-17275 + RESERVED +CVE-2019-17274 + RESERVED +CVE-2019-17273 + RESERVED +CVE-2019-17272 + RESERVED CVE-2019-17271 RESERVED CVE-2019-17270 
@@ -505,10 +601,10 @@ CVE-2019-17044 RESERVED CVE-2019-17043 RESERVED -CVE-2019-17042 - RESERVED -CVE-2019-17041 - RESERVED +CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...) + TODO: check +CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...) + TODO: check CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...) - rsyslog <unfixed> (unimportant) [buster] - rsyslog <not-affected> (Vulnerable code introduced later) @@ -825,20 +921,20 @@ CVE-2019-16904 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted passwo - teampass <itp> (bug #730180) CVE-2019-16903 (Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServ ...) NOT-FOR-US: Platinum UPnP SDK -CVE-2015-9456 - RESERVED -CVE-2015-9455 - RESERVED -CVE-2015-9454 - RESERVED -CVE-2015-9453 - RESERVED -CVE-2015-9452 - RESERVED -CVE-2015-9451 - RESERVED -CVE-2015-9450 - RESERVED +CVE-2015-9456 (The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has ...) + TODO: check +CVE-2015-9455 (The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSR ...) + TODO: check +CVE-2015-9454 (The smooth-slider plugin before 2.7 for WordPress has SQL Injection vi ...) + TODO: check +CVE-2015-9453 (The broken-link-manager plugin before 0.6.0 for WordPress has XSS via ...) + TODO: check +CVE-2015-9452 (The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPres ...) + TODO: check +CVE-2015-9451 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...) + TODO: check +CVE-2015-9450 (The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPre ...) + TODO: check CVE-2019-16902 (In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformco ...) NOT-FOR-US: ARforms plugin for WordPress CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain ...) 
@@ -2503,8 +2599,8 @@ CVE-2019-16265 RESERVED CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...) NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) -CVE-2019-16263 - RESERVED +CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...) + TODO: check CVE-2019-16262 RESERVED CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST req ...) @@ -3565,8 +3661,8 @@ CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 f NOT-FOR-US: LifterLMS plugin for WordPress CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...) NOT-FOR-US: "Search Exclude" plugin for WordPress -CVE-2019-15894 - RESERVED +CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...) + TODO: check CVE-2019-15893 RESERVED CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...) 
@@ -3920,18 +4016,18 @@ CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service co NOTE: https://github.com/nmap/nmap/issues/1077 NOTE: https://github.com/nmap/nmap/issues/1227 NOTE: Crash in CLI tool, no security impact -CVE-2019-15751 - RESERVED -CVE-2019-15750 - RESERVED -CVE-2019-15749 - RESERVED -CVE-2019-15748 - RESERVED -CVE-2019-15747 - RESERVED -CVE-2019-15746 - RESERVED +CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...) + TODO: check +CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...) + TODO: check +CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...) + TODO: check +CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...) + TODO: check +CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...) + TODO: check +CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...) + TODO: check CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...) NOT-FOR-US: Eques elf smart plug CVE-2019-15744 @@ -11645,7 +11741,7 @@ CVE-2019-13576 CVE-2019-13575 (A SQL injection vulnerability exists in WPEverest Everest Forms plugin ...) NOT-FOR-US: WPEverest Everest Forms plugin for WordPress CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...) - {DSA-4481-1} + {DSA-4481-1 DLA-1948-1} - ruby-mini-magick 4.9.2-1.1 (bug #931932) CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer ...) NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress 
@@ -13721,10 +13817,10 @@ CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-d NOTE: https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5 CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...) NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader -CVE-2019-12812 - RESERVED -CVE-2019-12811 - RESERVED +CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...) + TODO: check +CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to ...) + TODO: check CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...) NOT-FOR-US: ALSee CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...) @@ -18940,7 +19036,7 @@ CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...) NOT-FOR-US: CentOS-WebPanel.com -CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices.There is an stack ov ...) +CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices. There is a stack-ba ...) NOT-FOR-US: D-Link CVE-2019-10891 (An issue was discovered in D-Link DIR-806 devices. There is a command ...) NOT-FOR-US: D-Link @@ -38003,8 +38099,8 @@ CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2 NOT-FOR-US: EMC CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...) NOT-FOR-US: EMC -CVE-2019-3745 - RESERVED +CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...) + TODO: check CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...) NOT-FOR-US: Dell/Alienware Digital Delivery CVE-2019-3743 
@@ -38125,8 +38221,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a NOTE: When adressing this a related patch to make statd take the user-id from NOTE: /var/lib/nfs/sm is needed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1150733#c3 NOTE: Neutralised by kernel hardening -CVE-2019-3688 - RESERVED +CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...) + TODO: check CVE-2019-3687 RESERVED CVE-2019-3686 @@ -52234,8 +52330,8 @@ CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb NOT-FOR-US: Z-BlogPHP CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 4.2.24. admi ...) NOT-FOR-US: Bigtree CMS -CVE-2018-18379 - RESERVED +CVE-2018-18379 (The elementor-edit-template class in wp-admin/customize.php in the Ele ...) + TODO: check CVE-2018-18378 RESERVED CVE-2018-18377 (goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attac ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c2f01338ad8e70ea6c0db1e346ff230cf105305 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c2f01338ad8e70ea6c0db1e346ff230cf105305 You're receiving this email because of your account on salsa.debian.org.
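Review bot: In the @@ -1,3 +1,99 @@ hunk, the 28 SugarCRM entries CVE-2019-17292 through CVE-2019-17319 all land as "TODO: check" with descriptions truncated at the same point, so entries within each class (SQL injection, PHP object injection, directory traversal, PHP code injection) cannot be told apart from this file alone. Triage them as one batch against the full descriptions, and if SugarCRM has no source package in the archive, close all of them with one consistent tag in the form the file already uses elsewhere (for example "NOT-FOR-US: D-Link") rather than leaving 28 open TODO markers.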
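Review bot: CVE-2019-17042 and CVE-2019-17041 in the @@ -505,10 +601,10 @@ hunk are left at "TODO: check" although both descriptions name Rsyslog v8.1908.0 contrib/ modules and the context entry CVE-2019-17040 directly below already carries rsyslog package lines. Replace each TODO with a "- rsyslog" line, and establish the per-release status for these two separately instead of copying "[buster] - rsyslog <not-affected> (Vulnerable code introduced later)", since that annotation was made for contrib/pmdb2diag and these entries concern different contrib modules.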
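Review bot: The seven entries CVE-2015-9450 to CVE-2015-9456 in the @@ -825,20 +921,20 @@ hunk are WordPress plugin issues left at "TODO: check", while the context line right after them shows how this file closes such entries: "NOT-FOR-US: ARforms plugin for WordPress". Unless one of these plugins is packaged, resolve them the same way with the plugin named in each tag. CVE-2015-9451 and CVE-2015-9450 show identical truncated text for plugmatter-optin-feature-box-lite, so confirm from the full descriptions that they are distinct issues before tagging.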
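Review bot: CVE-2019-3688 in the @@ -38125,8 +38221,8 @@ hunk describes /usr/sbin/pinger as "packaged with squid in SUSE Linux Enterpri ...", so the "TODO: check" needs an explicit decision on whether this is specific to SUSE's packaging or also applies to the squid package here. Record the reasoning in NOTE lines, as the context entry CVE-2019-3689 above does for the SUSE nfs-utils case, so the outcome is auditable from the list itself.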