[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Oct 18 21:10:41 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3edf7fa by security tracker role at 2019-10-18T20:10:28Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2514,8 +2514,8 @@ CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in th
 	NOT-FOR-US: Bento4
 CVE-2019-17527
 	RESERVED
-CVE-2019-17526
-	RESERVED
+CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
+	TODO: check
 CVE-2019-17525
 	RESERVED
 CVE-2019-17524
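Review bot: `TODO: check` under CVE-2019-17526 leaves a ** DISPUTED ** entry untriaged. The visible description names SageMath Sage Cell Server, so the follow-up should settle whether that maps to a Debian source package or is NOT-FOR-US, and record the dispute in a NOTE line if a package entry is kept.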
@@ -2894,8 +2894,8 @@ CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username a
 	NOT-FOR-US: Rapid Gator application
 CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, the use ...)
 	NOT-FOR-US: Seesaw Parent and Family application
-CVE-2019-17393
-	RESERVED
+CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...)
+	TODO: check
 CVE-2019-17392
 	RESERVED
 CVE-2019-17391
@@ -2951,8 +2951,8 @@ CVE-2019-17369 (OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel pa
 	NOT-FOR-US: OTCMS
 CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from par ...)
 	NOT-FOR-US: S-CMS
-CVE-2019-17367
-	RESERVED
+CVE-2019-17367 (OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/ra ...)
+	TODO: check
 CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
 	NOT-FOR-US: Citrix
 CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
@@ -3271,8 +3271,8 @@ CVE-2019-17209
 	RESERVED
 CVE-2019-17208
 	RESERVED
-CVE-2019-17207
-	RESERVED
+CVE-2019-17207 (A reflected XSS vulnerability was found in includes/admin/table-printe ...)
+	TODO: check
 CVE-2019-17206 (Uncontrolled deserialization of a pickled object in models.py in Frost ...)
 	NOT-FOR-US: Frost Ming rediswrapper
 CVE-2019-17205 (TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the usern ...)
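Review bot: the truncated description for CVE-2019-17207 ends at `includes/admin/table-printe ...` before any product name appears, so the `TODO: check` cannot be resolved from this line alone. Whoever triages it needs the full CVE text to name the product in the NOT-FOR-US or package line.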
@@ -3907,9 +3907,9 @@ CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control becaus
 	NOT-FOR-US: Auth0 auth0.net
 CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
-CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
+CVE-2019-16926 (** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: T ...)
 	NOT-FOR-US: Flower
-CVE-2019-16925 (Flower 0.9.3 has XSS via the name parameter in an @app.task call. ...)
+CVE-2019-16925 (** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app. ...)
 	NOT-FOR-US: Flower
 CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a cleartext pass ...)
 	NOT-FOR-US: Nulock
@@ -3930,8 +3930,8 @@ CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote code execution, a differe
 	NOTE: https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2449
 	NOTE: https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
-CVE-2019-16919
-	RESERVED
+CVE-2019-16919 (Harbor API has a Broken Access Control vulnerability. The vulnerabilit ...)
+	TODO: check
 CVE-2019-16918
 	RESERVED
 CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise Server thr ...)
@@ -4428,6 +4428,7 @@ CVE-2019-16740
 CVE-2019-16739
 	RESERVED
 CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...)
+	{DSA-4545-1}
 	- mediawiki 1:1.31.4-1
 	NOTE: https://phabricator.wikimedia.org/T230402
 CVE-2019-16737
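Review bot: `{DSA-4545-1}` is added to CVE-2019-16738 while the commit changes only data/CVE/list, so the cross-reference depends on a DSA-4545-1 entry that is not part of this diff. Worth confirming that entry lists CVE-2019-16738, since the only version information visible here is `- mediawiki 1:1.31.4-1`.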
@@ -6739,10 +6740,10 @@ CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm
 	- linux <unfixed>
 	[jessie] - linux <not-affected> (Bug never introduced)
 	NOTE: https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
-CVE-2019-15901
-	RESERVED
-CVE-2019-15900
-	RESERVED
+CVE-2019-15901 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
+	TODO: check
+CVE-2019-15900 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
+	TODO: check
 CVE-2019-15899
 	RESERVED
 CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the username o ...)
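Review bot: CVE-2019-15901 and CVE-2019-15900 show the same truncated text (`An issue was discovered in slicer69 doas before 6.2 on certain platfor ...`), so the two entries are indistinguishable in this file until triaged. When the `TODO: check` lines are resolved, each should get its own status and a NOTE line saying which issue it covers.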
@@ -14941,16 +14942,16 @@ CVE-2019-13547
 	RESERVED
 CVE-2019-13546
 	RESERVED
-CVE-2019-13545
-	RESERVED
+CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
+	TODO: check
 CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
 	NOT-FOR-US: Delta Electronics TPEditor
 CVE-2019-13543
 	RESERVED
 CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
 	NOT-FOR-US: 3S-Smart
-CVE-2019-13541
-	RESERVED
+CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input validati ...)
+	TODO: check
 CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
 	NOT-FOR-US: Delta Electronics TPEditor
 CVE-2019-13539
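Review bot: the two Horner Automation Cscape entries (CVE-2019-13545, CVE-2019-13541) are left at `TODO: check` while the adjacent vendor-tool entries in the same hunk (Delta Electronics TPEditor, 3S-Smart) are already NOT-FOR-US. If Cscape is likewise not packaged, both can be closed together with `NOT-FOR-US: Horner Automation Cscape`.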



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3edf7fa20d257c5f90045737da1d398e62f427b
