[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 24 21:10:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6aa19172 by security tracker role at 2019-10-24T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB ...)
+ TODO: check
+CVE-2019-18418 (clonos.php in ClonOS WEB control panel 19.09 allows remote attackers t ...)
+ TODO: check
+CVE-2019-18417 (Sourcecodester Restaurant Management System 1.0 allows an authenticate ...)
+ TODO: check
+CVE-2019-18416 (Sourcecodester Restaurant Management System 1.0 allows XSS via the Las ...)
+ TODO: check
+CVE-2019-18415 (Sourcecodester Restaurant Management System 1.0 allows XSS via the "se ...)
+ TODO: check
+CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by an admi ...)
+ TODO: check
+CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...)
+ TODO: check
+CVE-2019-18412
+ RESERVED
+CVE-2019-18411
+ RESERVED
+CVE-2019-18410
+ RESERVED
+CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
+ TODO: check
+CVE-2019-18408 (archive_read_format_rar_read_data in archive_read_support_format_rar.c ...)
+ TODO: check
+CVE-2019-18407
+ RESERVED
+CVE-2019-18406
+ RESERVED
+CVE-2019-18405
+ RESERVED
+CVE-2019-18404
+ RESERVED
+CVE-2019-18403
+ RESERVED
+CVE-2019-18402
+ RESERVED
+CVE-2019-18401
+ RESERVED
+CVE-2019-18400
+ RESERVED
+CVE-2019-18399
+ RESERVED
+CVE-2019-18398
+ RESERVED
+CVE-2019-18397
+ RESERVED
+CVE-2019-18396
+ RESERVED
+CVE-2019-18395
+ RESERVED
+CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
+ TODO: check
+CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ...)
+ TODO: check
CVE-2019-18392
RESERVED
CVE-2019-18391
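Review bot: the TODO: check entries in this hunk are not all equal and the Debian-relevant ones should be triaged first: CVE-2019-18408 (the truncated description names archive_read_support_format_rar.c, a libarchive source file) and CVE-2019-18409 (the ruby_parser-legacy gem) concern software that Debian ships and need a source-package assessment in the form used for libxslt further down ("- libxslt <unfixed> (bug #942646)"); the ClonOS, Sourcecodester Restaurant Management System and Openfire entries (CVE-2019-18419 through CVE-2019-18414, CVE-2019-18394, CVE-2019-18393) look like NOT-FOR-US candidates in the same way as the Ricoh and WAGO entries (CVE-2019-18203, CVE-2019-18202) in the next hunk.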
@@ -394,20 +448,20 @@ CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulne
NOT-FOR-US: Ricoh
CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
-CVE-2019-18201
- RESERVED
-CVE-2019-18200
- RESERVED
-CVE-2019-18199
- RESERVED
+CVE-2019-18201 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
+ TODO: check
+CVE-2019-18200 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
+ TODO: check
+CVE-2019-18199 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
+ TODO: check
CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable i ...)
- libxslt <unfixed> (bug #942646)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
-CVE-2019-18196
- RESERVED
+CVE-2019-18196 (A DLL side loading vulnerability in the Windows Service in TeamViewer ...)
+ TODO: check
CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error in the ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
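Review bot: the descriptions filled in here point at products outside the archive: the three Fujitsu Wireless Keyboard Set LX390 entries (CVE-2019-18201, CVE-2019-18200, CVE-2019-18199) are hardware and CVE-2019-18196 is a DLL side-loading issue in the TeamViewer Windows service, so these TODO: check lines can probably be closed as NOT-FOR-US like the WAGO entry (CVE-2019-18202) directly above them. Unrelated to the change but visible in the context: CVE-2019-18198 sits after CVE-2019-18196, out of the descending order the rest of the file follows, and the automatic update does not reorder it.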
@@ -2696,8 +2750,8 @@ CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial
NOT-FOR-US: idreamsoft iCMS
CVE-2019-17582
RESERVED
-CVE-2019-17581
- RESERVED
+CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
+ TODO: check
CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
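Review bot: CVE-2019-17581 (tonyy dormsystem DOM XSS) concerns the same product as CVE-2019-17580 in the context two lines below, which is already marked NOT-FOR-US: tonyy dormsystem; the new TODO: check can be resolved with the same annotation rather than left for a separate review.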
@@ -7070,8 +7124,8 @@ CVE-2019-15931
RESERVED
CVE-2019-15930
RESERVED
-CVE-2019-15929
- RESERVED
+CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password prompt was n ...)
+ TODO: check
CVE-2019-15928
RESERVED
CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An out-of-b ...)
@@ -7768,8 +7822,8 @@ CVE-2019-15705
RESERVED
CVE-2019-15704
RESERVED
-CVE-2019-15703
- RESERVED
+CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
+ TODO: check
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
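Review bot: CVE-2019-15703 (insufficient entropy in the PRNG of Fortinet FortiOS) is appliance firmware not shipped by Debian and can be marked NOT-FOR-US like the RIOT entry (CVE-2019-15702) below it; CVE-2019-6692 (Fortinet FortiClient for Windows, DLL preload) later in this patch is from the same vendor and can be handled alongside it.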
@@ -14122,16 +14176,16 @@ CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a deni
NOT-FOR-US: Imgix
CVE-2019-13654
RESERVED
-CVE-2019-13653
- RESERVED
-CVE-2019-13652
- RESERVED
-CVE-2019-13651
- RESERVED
-CVE-2019-13650
- RESERVED
-CVE-2019-13649
- RESERVED
+CVE-2019-13653 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow trig ...)
+ TODO: check
+CVE-2019-13652 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serv ...)
+ TODO: check
+CVE-2019-13651 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow port ...)
+ TODO: check
+CVE-2019-13650 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow inte ...)
+ TODO: check
+CVE-2019-13649 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow exte ...)
+ TODO: check
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
{DSA-4497-1 DSA-4495-1 DLA-1885-1}
- linux 5.2.6-1
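Review bot: the five TP-Link M7350 entries (CVE-2019-13653 down to CVE-2019-13649) all describe the same device and firmware build ("1.0.16 Build 181220 Rel.1116n"), so they are best triaged in one pass; as router firmware they are NOT-FOR-US candidates, taking the same marker form as the Imgix entry (CVE-2019-13655) at the top of the hunk, while the neighbouring CVE-2019-13648 context shows the DSA/DLA and version format to use if an entry does turn out to affect a Debian package.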
@@ -19373,10 +19427,10 @@ CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of Enab
NOT-FOR-US: Telerik Fiddler
CVE-2019-12096
RESERVED
-CVE-2019-12095
- RESERVED
-CVE-2019-12094
- RESERVED
+CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
+ TODO: check
+CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...)
+ TODO: check
CVE-2019-12093
RESERVED
CVE-2019-12092
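Review bot: unlike most entries in this update, CVE-2019-12095 and CVE-2019-12094 concern Horde Trean and Horde Groupware Webmail Edition, components that Debian packages (php-horde-* source packages), so these two TODO: check lines need an actual source-package assessment and should be prioritized over the NOT-FOR-US candidates elsewhere in the patch; both descriptions are truncated in the list ("XSS via an admin ..."), so the full advisory text has to be consulted to identify which Horde module each one affects.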
@@ -19546,8 +19600,8 @@ CVE-2019-12019
RESERVED
CVE-2019-12018
RESERVED
-CVE-2019-12017
- RESERVED
+CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB code, specif ...)
+ TODO: check
CVE-2019-12016
RESERVED
CVE-2019-12015
@@ -22364,8 +22418,8 @@ CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz
NOTE: Crash in CLI tool, no security impact
CVE-2019-11022
RESERVED
-CVE-2019-11021
- RESERVED
+CVE-2019-11021 (admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unre ...)
+ TODO: check
CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...)
NOT-FOR-US: DDRT Dashcom
CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT Dashcom Li ...)
@@ -26926,8 +26980,8 @@ CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross
NOT-FOR-US: DLP (Symantec)
CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an ...)
NOT-FOR-US: Norton Password Manager
-CVE-2019-9699
- RESERVED
+CVE-2019-9699 (Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an ...)
+ TODO: check
CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
NOT-FOR-US: Symantec
CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC) ...)
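Review bot: CVE-2019-9699 (Symantec Messaging Gateway) sits between entries already annotated NOT-FOR-US: Symantec (CVE-2019-9698) and NOT-FOR-US: Norton Password Manager (CVE-2019-9700); a Symantec appliance product is not in Debian, so the TODO: check can be replaced with the same NOT-FOR-US: Symantec marker.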
@@ -31242,12 +31296,12 @@ CVE-2019-8082
RESERVED
CVE-2019-8081
RESERVED
-CVE-2019-8080
- RESERVED
-CVE-2019-8079
- RESERVED
-CVE-2019-8078
- RESERVED
+CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
+ TODO: check
+CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
+ TODO: check
+CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cr ...)
+ TODO: check
CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
NOT-FOR-US: Adobe
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
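Review bot: the three Adobe Experience Manager entries (CVE-2019-8080, CVE-2019-8079, CVE-2019-8078) follow CVE-2019-8077, which is already marked NOT-FOR-US: Adobe; Adobe Experience Manager is proprietary software not shipped by Debian, so all three TODO: check lines can take the same marker.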
@@ -34708,8 +34762,8 @@ CVE-2019-6694
RESERVED
CVE-2019-6693
RESERVED
-CVE-2019-6692
- RESERVED
+CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
+ TODO: check
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
@@ -38983,10 +39037,10 @@ CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X
NOT-FOR-US: Apple
CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
NOT-FOR-US: Winco Fireworks FireFly FW-1007
-CVE-2019-5013
- RESERVED
-CVE-2019-5012
- RESERVED
+CVE-2019-5013 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
+ TODO: check
+CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
+ TODO: check
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
NOT-FOR-US: CleanMyMac
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
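Review bot: CVE-2019-5013 and CVE-2019-5012 carry identical truncated descriptions ("An exploitable privilege escalation vulnerability exists in the Wacom, ..."), so the full advisory text is needed to tell the two apart; both concern a Wacom product and, like the adjacent CleanMyMac (CVE-2019-5011) and Winco Fireworks (CVE-2019-5014) entries, are NOT-FOR-US candidates.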
@@ -40069,8 +40123,8 @@ CVE-2019-4488
RESERVED
CVE-2019-4487
RESERVED
-CVE-2019-4486
- RESERVED
+CVE-2019-4486 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
+ TODO: check
CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
NOT-FOR-US: IBM
CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
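Review bot: CVE-2019-4486 (IBM Maximo Asset Management) follows CVE-2019-4485 and CVE-2019-4484, both NOT-FOR-US: IBM, and the same applies to the IBM Cloud Orchestrator entries in the next two hunks (CVE-2019-4459, CVE-2019-4398, CVE-2019-4397), which sit next to CVE-2019-4460 with the same marker; these four TODO: check lines can be closed as NOT-FOR-US: IBM in one pass.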
@@ -40123,8 +40177,8 @@ CVE-2019-4461
RESERVED
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
NOT-FOR-US: IBM
-CVE-2019-4459
- RESERVED
+CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
+ TODO: check
CVE-2019-4458
RESERVED
CVE-2019-4457
@@ -40245,10 +40299,10 @@ CVE-2019-4400
RESERVED
CVE-2019-4399
RESERVED
-CVE-2019-4398
- RESERVED
-CVE-2019-4397
- RESERVED
+CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
+ TODO: check
+CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
+ TODO: check
CVE-2019-4396
RESERVED
CVE-2019-4395
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6aa19172dcff64633237f16a26b255c562201d08