Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
735bc21c by security tracker role at 2019-10-18T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2019-18195
+       RESERVED
+CVE-2019-18194
+       RESERVED
+CVE-2019-18193
+       RESERVED
 CVE-2020-0500
        RESERVED
 CVE-2020-0499
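Review bot: the three new RESERVED entries, CVE-2019-18195 to CVE-2019-18193, are placed at the very top of the file, above CVE-2020-0500. If the list is meant to stay in descending ID order, they belong with the other CVE-2019-18xxx entries rather than ahead of the 2020 entries.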
@@ -2129,38 +2135,38 @@ CVE-2019-17623
        RESERVED
 CVE-2019-17622
        RESERVED
-CVE-2019-17675
+CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type 
confusion durin ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: https://core.trac.wordpress.org/changeset/46477
        NOTE: 
https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17674
+CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site 
scripti ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17673
+CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache 
of JSON ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: https://core.trac.wordpress.org/changeset/46478
        NOTE: 
https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17672
+CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to 
inject  ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17671
+CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain 
content  ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: https://core.trac.wordpress.org/changeset/46474
        NOTE: 
https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
-CVE-2019-17670
+CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery 
(SSRF) vulner ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: https://core.trac.wordpress.org/changeset/46472
        NOTE: 
https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-CVE-2019-17669
+CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery 
(SSRF) vulner ...)
        - wordpress 5.2.4+dfsg1-1 (bug #942459)
        NOTE: 
https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
        NOTE: https://core.trac.wordpress.org/changeset/46475
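Review bot: the entries for CVE-2019-17674 and CVE-2019-17672 carry no upstream changeset or commit NOTE, while the other WordPress entries in this hunk reference a core.trac.wordpress.org changeset. Now that the descriptions identify both as stored XSS, adding the fixing changeset to each would let a backport be checked against the 5.2.4 fix. CVE-2019-17671 is also missing the wordpress.org release-announcement NOTE that CVE-2019-17675 through CVE-2019-17672 and CVE-2019-17670 have.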
@@ -2530,8 +2536,8 @@ CVE-2019-17515
        RESERVED
 CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 
2016 has  ...)
        NOT-FOR-US: Non-actionable CVE assignment for Python docs
-CVE-2019-17513
-       RESERVED
+CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a 
misuse of th ...)
+       TODO: check
 CVE-2019-17512 (There are some web interfaces without authentication 
requirements on D ...)
        NOT-FOR-US: D-Link
 CVE-2019-17511 (There are some web interfaces without authentication 
requirements on D ...)
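Review bot: CVE-2019-17513 is left at `TODO: check`, with neither a package line nor a NOT-FOR-US tag, so the Ratpack issue stays unresolved in the tracker. The description already gives a version boundary (before 1.7.5), so the entry can be closed as soon as someone confirms whether Ratpack is in the archive.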
@@ -7504,10 +7510,10 @@ CVE-2019-15629
        RESERVED
 CVE-2019-15628
        RESERVED
-CVE-2019-15627
-       RESERVED
-CVE-2019-15626
-       RESERVED
+CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security 
Agent ar ...)
+       TODO: check
+CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 
12.0),  ...)
+       TODO: check
 CVE-2019-15625
        RESERVED
 CVE-2019-15624
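Review bot: CVE-2019-15627 and CVE-2019-15626 are left at `TODO: check` although both descriptions name the same Trend Micro Deep Security product line (Agent and Manager, versions 10.0, 11.0 and 12.0). Resolve the pair together with one tag that names the product, so the two entries do not end up with different wording.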
@@ -9205,12 +9211,12 @@ CVE-2019-15068 (A broken access control vulnerability 
in Smart Battery A4, a mul
        NOT-FOR-US: Smart Battery
 CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart 
Battery A2- ...)
        NOT-FOR-US: Smart Battery
-CVE-2019-15066
-       RESERVED
-CVE-2019-15065
-       RESERVED
-CVE-2019-15064
-       RESERVED
+CVE-2019-15066 (An “invalid command” handler issue was discovered 
in HiNet ...)
+       TODO: check
+CVE-2019-15065 (A service which is hosted on port 6998 in HiNet GPON firmware 
< I04 ...)
+       TODO: check
+CVE-2019-15064 (HiNet GPON firmware version < I040GWR190731 allows an 
attacker logi ...)
+       TODO: check
 CVE-2017-18525 (The megamenu plugin before 2.4 for WordPress has XSS. ...)
        NOT-FOR-US: megamenu plugin for WordPress
 CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has 
multiple XSS i ...)
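Review bot: CVE-2019-15066, CVE-2019-15065 and CVE-2019-15064 are added as `TODO: check` although all three descriptions name HiNet GPON firmware, and CVE-2019-13411, which has the same "invalid command" handler description, is already tagged `NOT-FOR-US: HiNet GPON firmware` elsewhere in this file. Use that same tag here. The description for CVE-2019-15066 also shows mis-decoded quotation marks around "invalid command", which suggests the text was read with the wrong character encoding somewhere on its way into this file.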
@@ -15248,14 +15254,14 @@ CVE-2019-13414 (The Rencontre plugin before 3.1.3 for 
WordPress allows XSS via i
        NOT-FOR-US: Wordpress plugin
 CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL 
Injection v ...)
        NOT-FOR-US: Wordpress plugin
-CVE-2019-13412
-       RESERVED
+CVE-2019-13412 (A service which is hosted on port 3097 in HiNet GPON firmware 
< I04 ...)
+       TODO: check
 CVE-2019-13411 (An “invalid command” handler issue was discovered 
in HiNet ...)
        NOT-FOR-US: HiNet GPON firmware
-CVE-2019-13410
-       RESERVED
-CVE-2019-13409
-       RESERVED
+CVE-2019-13410 (TOPMeeting before version 8.8 (2019/08/19) shows attendees 
account and ...)
+       TODO: check
+CVE-2019-13409 (A SQL injection vulnerability was discovered in TOPMeeting 
before vers ...)
+       TODO: check
 CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 
firmware v ...)
        NOT-FOR-US: Advan VD-1 firmware
 CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 
responses  ...)
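Review bot: CVE-2019-13412 becomes `TODO: check` while the very next entry, CVE-2019-13411, describes the same HiNet GPON firmware and already reads `NOT-FOR-US: HiNet GPON firmware`. Tag CVE-2019-13412 identically. CVE-2019-13410 and CVE-2019-13409 (TOPMeeting) still need their own resolution.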
@@ -30373,140 +30379,140 @@ CVE-2019-8228
        RESERVED
 CVE-2019-8227
        RESERVED
-CVE-2019-8226
-       RESERVED
-CVE-2019-8225
-       RESERVED
-CVE-2019-8224
-       RESERVED
-CVE-2019-8223
-       RESERVED
-CVE-2019-8222
-       RESERVED
-CVE-2019-8221
-       RESERVED
-CVE-2019-8220
-       RESERVED
-CVE-2019-8219
-       RESERVED
-CVE-2019-8218
-       RESERVED
-CVE-2019-8217
-       RESERVED
-CVE-2019-8216
-       RESERVED
-CVE-2019-8215
-       RESERVED
-CVE-2019-8214
-       RESERVED
-CVE-2019-8213
-       RESERVED
-CVE-2019-8212
-       RESERVED
-CVE-2019-8211
-       RESERVED
-CVE-2019-8210
-       RESERVED
-CVE-2019-8209
-       RESERVED
-CVE-2019-8208
-       RESERVED
-CVE-2019-8207
-       RESERVED
-CVE-2019-8206
-       RESERVED
-CVE-2019-8205
-       RESERVED
-CVE-2019-8204
-       RESERVED
-CVE-2019-8203
-       RESERVED
-CVE-2019-8202
-       RESERVED
-CVE-2019-8201
-       RESERVED
-CVE-2019-8200
-       RESERVED
-CVE-2019-8199
-       RESERVED
-CVE-2019-8198
-       RESERVED
-CVE-2019-8197
-       RESERVED
-CVE-2019-8196
-       RESERVED
-CVE-2019-8195
-       RESERVED
-CVE-2019-8194
-       RESERVED
-CVE-2019-8193
-       RESERVED
-CVE-2019-8192
-       RESERVED
-CVE-2019-8191
-       RESERVED
-CVE-2019-8190
-       RESERVED
-CVE-2019-8189
-       RESERVED
-CVE-2019-8188
-       RESERVED
-CVE-2019-8187
-       RESERVED
-CVE-2019-8186
-       RESERVED
-CVE-2019-8185
-       RESERVED
-CVE-2019-8184
-       RESERVED
-CVE-2019-8183
-       RESERVED
-CVE-2019-8182
-       RESERVED
-CVE-2019-8181
-       RESERVED
-CVE-2019-8180
-       RESERVED
-CVE-2019-8179
-       RESERVED
-CVE-2019-8178
-       RESERVED
-CVE-2019-8177
-       RESERVED
-CVE-2019-8176
-       RESERVED
-CVE-2019-8175
-       RESERVED
-CVE-2019-8174
-       RESERVED
-CVE-2019-8173
-       RESERVED
-CVE-2019-8172
-       RESERVED
-CVE-2019-8171
-       RESERVED
-CVE-2019-8170
-       RESERVED
-CVE-2019-8169
-       RESERVED
-CVE-2019-8168
-       RESERVED
-CVE-2019-8167
-       RESERVED
-CVE-2019-8166
-       RESERVED
-CVE-2019-8165
-       RESERVED
-CVE-2019-8164
-       RESERVED
-CVE-2019-8163
-       RESERVED
-CVE-2019-8162
-       RESERVED
-CVE-2019-8161
-       RESERVED
-CVE-2019-8160
-       RESERVED
+CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8224 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8223 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8222 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8221 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8220 (Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 
2017.01 ...)
+       TODO: check
+CVE-2019-8219 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8218 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8217 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8216 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8215 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8214 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8213 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8212 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8211 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8210 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8209 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8208 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8207 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8206 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8205 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8204 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8203 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8202 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8201 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8200 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8199 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8198 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8197 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8196 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8195 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8194 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8193 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8192 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8191 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8190 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8189 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8188 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8187 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8186 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8185 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8184 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8183 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8182 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8181 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8180 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8179 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8178 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8177 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8176 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8175 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8174 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8173 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8172 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8171 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8170 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8169 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8168 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8167 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8166 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8165 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8164 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8163 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8162 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
+CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
 CVE-2019-8159
        RESERVED
 CVE-2019-8158
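Review bot: all 67 entries from CVE-2019-8226 down to CVE-2019-8160 land as `TODO: check` with the same truncated description, so each one will need a manual pass. If Adobe Acrobat and Reader is out of scope for the archive, one uniform NOT-FOR-US tag applied to the whole range would close them together. The description for CVE-2019-8220 reads "versions, 2019.012.20040" where the other 66 read "versions , 2019.012.20040", so any pattern written for a bulk update has to match both spellings.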
@@ -30697,8 +30703,8 @@ CVE-2019-8066
        RESERVED
 CVE-2019-8065
        RESERVED
-CVE-2019-8064
-       RESERVED
+CVE-2019-8064 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 
2017.0 ...)
+       TODO: check
 CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions 
have an  ...)
        NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure 
library l ...)
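Review bot: CVE-2019-8064 is left at `TODO: check` while the Adobe entry directly below it, CVE-2019-8063, is already resolved as `NOT-FOR-US: Creative Cloud Desktop Application`. Resolve this one in the same pass as the other Adobe Acrobat and Reader entries in this commit so the Adobe range is not left half-triaged.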
@@ -34634,12 +34640,10 @@ CVE-2019-6478
        RESERVED
 CVE-2019-6477
        RESERVED
-CVE-2019-6476 [flaw in QNAME minimization that can lead to an assertion 
failure]
-       RESERVED
+CVE-2019-6476 (A defect in code added to support QNAME minimization can cause 
named t ...)
        - bind9 <not-affected> (Vulnerable code not present)
        NOTE: https://kb.isc.org/docs/cve-2019-6476
-CVE-2019-6475 [DNSSEC validation bypass for mirror zones]
-       RESERVED
+CVE-2019-6475 (Mirror zones are a BIND feature allowing recursive servers to 
pre-cach ...)
        - bind9 <not-affected> (Vulnerable code not present)
        NOTE: https://kb.isc.org/docs/cve-2019-6475
 CVE-2019-6474 (A missing check on incoming client requests can be exploited to 
cause  ...)
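Review bot: for CVE-2019-6476 and CVE-2019-6475 the status line `- bind9 <not-affected> (Vulnerable code not present)` does not say which bind9 versions that judgement was made against. The new descriptions tie the issues to specific features (QNAME minimization and mirror zones), so a NOTE naming the upstream release that introduced each feature would make the not-affected status re-checkable when a newer bind9 is uploaded.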
@@ -41274,7 +41278,7 @@ CVE-2019-3740 (RSA BSAFE Crypto-J versions prior to 
6.2.5 are vulnerable to an I
        NOT-FOR-US: RSA
 CVE-2019-3739 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to 
Informati ...)
        NOT-FOR-US: RSA
-CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an 
Improp ...)
+CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a 
Missing ...)
        NOT-FOR-US: RSA
 CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are 
affected by a ...)
        NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
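Review bot: the tag `NOT-FOR-US: RSA` on CVE-2019-3738 and its neighbours names only the vendor, while the next entry uses the full product name (`NOT-FOR-US: Dell EMC Avamar ADMe Web Interface`). `NOT-FOR-US: RSA BSAFE Crypto-J` would be unambiguous and easier to search for. The description change on CVE-2019-3738 (from "an Improp ..." to "a Missing ...") does not alter the status.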



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/735bc21c9f3dc17c3a5bc40f1a4358cfe1c85c42



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
