[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 16 09:10:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a47f260 by security tracker role at 2019-10-16T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-17621
+ RESERVED
+CVE-2019-17620
+ RESERVED
+CVE-2019-17619
+ RESERVED
+CVE-2019-17618
+ RESERVED
+CVE-2019-17617
+ RESERVED
+CVE-2019-17616
+ RESERVED
+CVE-2019-17615
+ RESERVED
+CVE-2019-17614
+ RESERVED
+CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php makes eval c ...)
+ TODO: check
+CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL Injection gene ...)
+ TODO: check
+CVE-2019-17611
+ RESERVED
+CVE-2019-17610
+ RESERVED
+CVE-2019-17609
+ RESERVED
+CVE-2019-17608
+ RESERVED
+CVE-2019-17607
+ RESERVED
+CVE-2019-17606
+ RESERVED
+CVE-2019-17605
+ RESERVED
+CVE-2019-17604
+ RESERVED
+CVE-2019-17603
+ RESERVED
+CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
+ TODO: check
+CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP ...)
+ TODO: check
+CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. ...)
+ TODO: check
+CVE-2016-11015 (NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via ...)
+ TODO: check
+CVE-2016-11014 (NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control ...)
+ TODO: check
CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrat ...)
NOT-FOR-US: Intelbras IWR 1000N devices
CVE-2019-17599
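Review bot: The seven new entries that carry a description (CVE-2019-17613, CVE-2019-17612, CVE-2019-17602, CVE-2019-17601 and CVE-2016-11016 through CVE-2016-11014) are all left at "TODO: check", so none of them has a triage decision yet. The unchanged entry just below them, CVE-2019-17600, shows the resolved form for a device-firmware issue ("NOT-FOR-US: Intelbras IWR 1000N devices"). The three NETGEAR JNR1010 entries are the same kind of issue and could take the same tag once the full descriptions, which are cut off at " ...", have been read.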
@@ -640,16 +688,16 @@ CVE-2019-17400
RESERVED
CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
NOT-FOR-US: Shack Forms Pro extension for Joomla!
-CVE-2019-17398
- RESERVED
+CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
+ TODO: check
CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the username a ...)
NOT-FOR-US: DoorDash application
-CVE-2019-17396
- RESERVED
-CVE-2019-17395
- RESERVED
-CVE-2019-17394
- RESERVED
+CVE-2019-17396 (In the PowerSchool Mobile application 1.1.8 for Android, the username ...)
+ TODO: check
+CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username and pas ...)
+ TODO: check
+CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, the use ...)
+ TODO: check
CVE-2019-17393
RESERVED
CVE-2019-17392
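Review bot: CVE-2019-17398, CVE-2019-17396, CVE-2019-17395 and CVE-2019-17394 move from "RESERVED" to "TODO: check" although each description names an Android application, the same class as the adjacent CVE-2019-17397, which is already tagged "NOT-FOR-US: DoorDash application". Suggest resolving them the same way, with one NOT-FOR-US line per application, rather than leaving four open TODOs.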
@@ -735,10 +783,10 @@ CVE-2019-17358
RESERVED
CVE-2019-17357
RESERVED
-CVE-2019-17356
- RESERVED
-CVE-2019-17355
- RESERVED
+CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a username an ...)
+ TODO: check
+CVE-2019-17355 (In the Orbitz application 19.31.1 for Android, the username and passwo ...)
+ TODO: check
CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C ...)
NOT-FOR-US: Zyxel
CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
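Review bot: The "TODO: check" lines on CVE-2019-17356 and CVE-2019-17355 leave two more Android application entries (Infinite Design 3.4.12, Orbitz 19.31.1) untriaged. Both descriptions are cut off mid-sentence ("sends a username an ...", "the username and passwo ..."), so triage needs the full CVE text. If neither application is packaged, a NOT-FOR-US line naming each one would close them.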
@@ -1831,6 +1879,7 @@ CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerabi
CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
NOT-FOR-US: HongCMS
CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...)
+ {DSA-4544-1}
- unbound 1.9.4-1 (bug #941692)
[stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
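Review bot: The added "{DSA-4544-1}" tag on CVE-2019-16866 sits above release lines that mark both stretch and jessie as not-affected, so the visible entry does not say which release the advisory fixes or at what version. Only data/CVE/list is changed in this commit, so the matching advisory entry cannot be checked here. Worth confirming that it records the fixed unbound version for the affected release.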
@@ -13033,8 +13082,8 @@ CVE-2019-13394
RESERVED
CVE-2019-13393
RESERVED
-CVE-2019-13392
- RESERVED
+CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
+ TODO: check
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
- imagemagick <unfixed> (bug #931633)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
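Review bot: CVE-2019-13392 goes from "RESERVED" to "TODO: check" with the product name cut off at "MindPalette Na ...", so the entry cannot be triaged from this line alone. Suggest replacing the TODO, after reading the full description, with either a package line in the style of the imagemagick entry below it or a NOT-FOR-US line naming the product.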
@@ -22048,7 +22097,7 @@ CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006m
NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ...)
- {DSA-4509-1 DLA-1900-1}
+ {DSA-4509-3 DSA-4509-1 DLA-1900-1}
- apache2 2.4.41-1
NOTE: Affects upstream versions 2.4.0 to 2.4.39
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
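Review bot: In the new cross-reference line for CVE-2019-10092, "DSA-4509-3" is added ahead of "DSA-4509-1" and no "DSA-4509-2" appears. Worth checking whether the second revision of the advisory also covers this CVE and was left out, or whether the gap is intended. The package line "- apache2 2.4.41-1" is unchanged, so the hunk gives no fixed version for the third revision.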
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a47f2605c9db4e5cf8ccea89bfb84e5f8064732