[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Dec 6 08:10:34 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c75c8f4 by security tracker role at 2019-12-06T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-19621
+	RESERVED
+CVE-2019-19620
+	RESERVED
+CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mishandle ...)
+	TODO: check
+CVE-2019-19618
+	RESERVED
+CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
+	TODO: check
+CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
+	TODO: check
+CVE-2019-19615
+	RESERVED
+CVE-2019-19614
+	RESERVED
+CVE-2019-19613
+	RESERVED
+CVE-2019-19612
+	RESERVED
+CVE-2019-19611
+	RESERVED
+CVE-2019-19610
+	RESERVED
+CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
+	TODO: check
 CVE-2019-19608
 	RESERVED
 CVE-2019-19607
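Review bot: The four new entries that carry a description (CVE-2019-19619, CVE-2019-19617, CVE-2019-19616, CVE-2019-19609) are left at `TODO: check` with no package or NOT-FOR-US line, so each still needs manual triage. The visible descriptions for Documize ("before 3.5.1"), phpMyAdmin ("before 4.9.2") and Strapi ("before 3.0.0-beta.17.8") state a fixed-version boundary, which is the value to compare against any packaged version when the TODO is resolved.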
@@ -11892,12 +11918,12 @@ CVE-2019-16772
 	RESERVED
 CVE-2019-16771
 	RESERVED
-CVE-2019-16770
-	RESERVED
+CVE-2019-16770 (A poorly-behaved client could use keepalive requests to monopolize Pum ...)
+	TODO: check
 CVE-2019-16769 (Affected versions of this package are vulnerable to Cross-site Scripti ...)
 	TODO: check
-CVE-2019-16768
-	RESERVED
+CVE-2019-16768 (Exception messages from internal exceptions (like database exception)  ...)
+	TODO: check
 CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
 	NOT-FOR-US: ezmaster
 CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
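Review bot: CVE-2019-16770 and CVE-2019-16768 change from RESERVED to a description plus `TODO: check`, so both are now open triage items. The visible part of the CVE-2019-16768 description ("Exception messages from internal exceptions (like database exception) ...") does not name the affected software, so the full CVE text has to be consulted before a package or NOT-FOR-US line can be chosen.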
@@ -280434,8 +280460,7 @@ CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wiresh
 	- wireshark 1.6.6-1 (unimportant; bug #666058)
 	[squeeze] - wireshark 1.2.11-6+squeeze7
 	NOTE: Not suitable for code injection
-CVE-2012-1592
-	RESERVED
+CVE-2012-1592 (A local code execution issue exists in Apache Struts2 when processing  ...)
 	- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
 CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check per ...)
 	- drupal7 7.14-1 (bug #671402)
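Review bot: On CVE-2012-1592 the new description names Apache Struts2, while the only package line under the entry is `- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)`. That annotation is consistent with the description, but the entry records nothing for a Struts 2 source package; worth confirming during triage that no such line is needed now that the entry is no longer RESERVED.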
@@ -281518,14 +281543,12 @@ CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5
 	NOT-FOR-US: Joomla!
 CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 al ...)
 	NOT-FOR-US: Joomla!
-CVE-2012-1115
-	RESERVED
+CVE-2012-1115 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
 	- phpldapadmin 1.2.2-3 (low; bug #662050)
 	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
 	- ldap-account-manager 3.6-2 (low; bug #661904)
 	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
-CVE-2012-1114
-	RESERVED
+CVE-2012-1114 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
 	- phpldapadmin 1.2.2-3 (low; bug #662050)
 	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
 	- ldap-account-manager 3.6-2 (low; bug #661904)
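Review bot: CVE-2012-1115 and CVE-2012-1114 receive the same visible description text, which names LDAP Account Manager, yet each entry lists phpldapadmin ahead of ldap-account-manager. Suggest checking the full descriptions to confirm the two IDs are distinct issues and that the `- phpldapadmin 1.2.2-3 (low; bug #662050)` line still belongs under both.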



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8c75c8f4812bcfda5e3573a6bd1ea540ae7c0628
