[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Sep 9 09:10:26 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fbfe95d by security tracker role at 2019-09-09T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2019-16148
+	RESERVED
+CVE-2019-16147
+	RESERVED
+CVE-2019-16146
+	RESERVED
+CVE-2019-16145
+	RESERVED
+CVE-2019-16144
+	RESERVED
+CVE-2019-16143
+	RESERVED
+CVE-2019-16142
+	RESERVED
+CVE-2019-16141
+	RESERVED
+CVE-2019-16140
+	RESERVED
+CVE-2019-16139
+	RESERVED
+CVE-2019-16138
+	RESERVED
+CVE-2019-16137
+	RESERVED
+CVE-2019-16136
+	RESERVED
+CVE-2019-16135
+	RESERVED
+CVE-2019-16134
+	RESERVED
+CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the session is n ...)
+	TODO: check
+CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control ...)
+	TODO: check
+CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary ...)
+	TODO: check
+CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
+	TODO: check
+CVE-2019-16129
+	RESERVED
+CVE-2019-16128
+	RESERVED
+CVE-2019-16127
+	RESERVED
+CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
+	TODO: check
+CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
+	TODO: check
+CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
+	TODO: check
+CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the file cata ...)
+	TODO: check
+CVE-2019-16122
+	RESERVED
+CVE-2019-16121
+	RESERVED
+CVE-2019-16120 (CSV injection in the event-tickets (Event Tickets) plugin before 4.10. ...)
+	TODO: check
+CVE-2019-16119 (SQL injection in the photo-gallery (10Web Photo Gallery) plugin before ...)
+	TODO: check
+CVE-2019-16118 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery)  ...)
+	TODO: check
+CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery)  ...)
+	TODO: check
+CVE-2019-16116
+	RESERVED
+CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
+	TODO: check
+CVE-2019-16114
+	RESERVED
+CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
+	TODO: check
+CVE-2019-16112
+	RESERVED
+CVE-2019-16111
+	RESERVED
+CVE-2019-16110
+	RESERVED
+CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
+	TODO: check
+CVE-2019-16108
+	RESERVED
+CVE-2019-16107
+	RESERVED
+CVE-2018-21014
+	RESERVED
+CVE-2018-21013
+	RESERVED
+CVE-2018-21012
+	RESERVED
+CVE-2018-21011
+	RESERVED
 CVE-2019-16106
 	RESERVED
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
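Review bot: every newly described entry in this hunk, from CVE-2019-16133 down to CVE-2019-16109, carries only "TODO: check" and no package line, so none of them is triaged yet; CVE-2019-16115 (Xpdf 4.01.01) and CVE-2019-16109 (Plataformatec Devise before 4.7.1) name software with explicit versions and are worth resolving to a package status first. Separately, the four CVE-2018-2101x RESERVED entries are inserted between CVE-2019-16107 and CVE-2019-16106, so the list is not in descending ID order at that point and anything consuming it should key on the CVE ID rather than on position.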
@@ -17378,6 +17470,7 @@ CVE-2019-10187 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7.
 CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sess ...)
 	- moodle <removed>
 CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was  ...)
+	{DLA-1914-1}
 	- icedtea-web 1.8.3-1 (bug #934319)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
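Review bot: the {DLA-1914-1} tag on CVE-2019-10185 points at an advisory record that is not part of this commit, which changes only data/CVE/list; confirm that the DLA-1914-1 entry names this CVE, because the only fixed version visible here is icedtea-web 1.8.3-1 (bug #934319).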
@@ -17389,10 +17482,12 @@ CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines h
 	- virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
 	NOTE: https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
 CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly  ...)
+	{DLA-1914-1}
 	- icedtea-web 1.8.3-1 (bug #934319)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
 CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 e ...)
+	{DLA-1914-1}
 	- icedtea-web 1.8.3-1 (bug #934319)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
 	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
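Review bot: with CVE-2019-10182 and CVE-2019-10181 tagged here, all three icedtea-web entries under bug #934319 now map to DLA-1914-1, but the package line under each still shows only 1.8.3-1; treat the tag as a cross-reference and take the version fixed by the advisory from the advisory itself, not from this line.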
@@ -19163,6 +19258,7 @@ CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable t
 	- libreoffice <not-affected> (Windows-specific)
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
 CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...)
+	{DSA-4519-1}
 	- libreoffice 1:6.3.1~rc2-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
 CVE-2019-9853
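Review bot: {DSA-4519-1} is added to CVE-2019-9854 only, and the hunk ends at the CVE-2019-9853 header with none of its lines shown; if the advisory covers further LibreOffice CVEs, check that each carries the same tag. CVE-2019-9855 just above is marked not-affected (Windows-specific), so leaving it untagged is consistent.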



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fbfe95db3b5bfef53fc060cb5dc6c38232dac66
