Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
924b5d17 by security tracker role at 2019-12-26T08:10:15Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,76 @@
-CVE-2019-19977 [stack-based buffer over-read]
+CVE-2019-20003
+ RESERVED
+CVE-2019-20002
+ RESERVED
+CVE-2019-20001
+ RESERVED
+CVE-2019-20000 (The malware scan function in BullGuard Premium Protection
20.0.371.8 h ...)
+ TODO: check
+CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection
(SSTI) ...)
+ TODO: check
+CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via
plugin/xn_wechat_public/route/token.php. ...)
+ TODO: check
+CVE-2019-19997
+ RESERVED
+CVE-2019-19996
+ RESERVED
+CVE-2019-19995
+ RESERVED
+CVE-2019-19994
+ RESERVED
+CVE-2019-19993
+ RESERVED
+CVE-2019-19992
+ RESERVED
+CVE-2019-19991
+ RESERVED
+CVE-2019-19990
+ RESERVED
+CVE-2019-19989
+ RESERVED
+CVE-2019-19988
+ RESERVED
+CVE-2019-19987
+ RESERVED
+CVE-2019-19986
+ RESERVED
+CVE-2019-19985 (The WordPress plugin, Email Subscribers & Newsletters,
before 4.2. ...)
+ TODO: check
+CVE-2019-19984 (The WordPress plugin, Email Subscribers & Newsletters,
before 4.2. ...)
+ TODO: check
+CVE-2019-19983 (In the WordPress plugin, Fast Velocity Minify before 2.7.7,
the full w ...)
+ TODO: check
+CVE-2019-19982 (The WordPress plugin, Email Subscribers & Newsletters,
before 4.2. ...)
+ TODO: check
+CVE-2019-19981 (The WordPress plugin, Email Subscribers & Newsletters,
before 4.2. ...)
+ TODO: check
+CVE-2019-19980 (The WordPress plugin, Email Subscribers & Newsletters,
before 4.2. ...)
+ TODO: check
+CVE-2019-19979 (A flaw in the WordPress plugin, WP Maintenance before 5.0.6,
allowed a ...)
+ TODO: check
+CVE-2019-19978
+ RESERVED
+CVE-2019-19976
+ RESERVED
+CVE-2019-19975
+ RESERVED
+CVE-2019-19974
+ RESERVED
+CVE-2019-19973
+ RESERVED
+CVE-2019-19972
+ RESERVED
+CVE-2019-19971
+ RESERVED
+CVE-2019-19970
+ RESERVED
+CVE-2019-19969
+ RESERVED
+CVE-2019-19968
+ RESERVED
+CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice
Gateway CH ...)
+ TODO: check
+CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a
fixed-size buf ...)
- libesmtp <unfixed> (unimportant)
NOTE:
https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
NOTE: NTLM support not enabled in the Debian builds.
@@ -68096,8 +68168,8 @@ CVE-2018-18290 (** DISPUTED ** An issue was discovered
in nc-cms through 2017-03
NOT-FOR-US: nc-cms
CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian
Confluence allow ...)
NOT-FOR-US: Zabbix Plugin for Confluence
-CVE-2018-18288
- RESERVED
+CVE-2018-18288 (CrushFTP through 8.3.0 is vulnerable to credentials theft via
URL redi ...)
+ TODO: check
CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers
can discov ...)
NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and
earlier, could ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/924b5d17e500858dfb64f1240ae03617b2e3411e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/924b5d17e500858dfb64f1240ae03617b2e3411e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
