[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 25 09:10:56 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03695937 by security tracker role at 2019-09-25T08:10:32Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,219 @@
+CVE-2019-16865
+ RESERVED
+CVE-2019-16864
+ RESERVED
+CVE-2019-16863
+ RESERVED
+CVE-2019-16862
+ RESERVED
+CVE-2019-16861
+ RESERVED
+CVE-2019-16860
+ RESERVED
+CVE-2019-16859
+ RESERVED
+CVE-2019-16858
+ RESERVED
+CVE-2019-16857
+ RESERVED
+CVE-2019-16856
+ RESERVED
+CVE-2019-16855
+ RESERVED
+CVE-2019-16854
+ RESERVED
+CVE-2019-16853
+ RESERVED
+CVE-2019-16852
+ RESERVED
+CVE-2019-16851
+ RESERVED
+CVE-2019-16850
+ RESERVED
+CVE-2019-16849
+ RESERVED
+CVE-2019-16848
+ RESERVED
+CVE-2019-16847
+ RESERVED
+CVE-2019-16846
+ RESERVED
+CVE-2019-16845
+ RESERVED
+CVE-2019-16844
+ RESERVED
+CVE-2019-16843
+ RESERVED
+CVE-2019-16842
+ RESERVED
+CVE-2019-16841
+ RESERVED
+CVE-2019-16840
+ RESERVED
+CVE-2019-16839
+ RESERVED
+CVE-2019-16838
+ RESERVED
+CVE-2019-16837
+ RESERVED
+CVE-2019-16836
+ RESERVED
+CVE-2019-16835
+ RESERVED
+CVE-2019-16834
+ RESERVED
+CVE-2019-16833
+ RESERVED
+CVE-2019-16832
+ RESERVED
+CVE-2019-16831
+ RESERVED
+CVE-2019-16830
+ RESERVED
+CVE-2019-16829
+ RESERVED
+CVE-2019-16828
+ RESERVED
+CVE-2019-16827
+ RESERVED
+CVE-2019-16826
+ RESERVED
+CVE-2019-16825
+ RESERVED
+CVE-2019-16824
+ RESERVED
+CVE-2019-16823
+ RESERVED
+CVE-2019-16822
+ RESERVED
+CVE-2019-16821
+ RESERVED
+CVE-2019-16820
+ RESERVED
+CVE-2019-16819
+ RESERVED
+CVE-2019-16818
+ RESERVED
+CVE-2019-16817
+ RESERVED
+CVE-2019-16816
+ RESERVED
+CVE-2019-16815
+ RESERVED
+CVE-2019-16814
+ RESERVED
+CVE-2019-16813
+ RESERVED
+CVE-2019-16812
+ RESERVED
+CVE-2019-16811
+ RESERVED
+CVE-2019-16810
+ RESERVED
+CVE-2019-16809
+ RESERVED
+CVE-2019-16808
+ RESERVED
+CVE-2019-16807
+ RESERVED
+CVE-2019-16806
+ RESERVED
+CVE-2019-16805
+ RESERVED
+CVE-2019-16804
+ RESERVED
+CVE-2019-16803
+ RESERVED
+CVE-2019-16802
+ RESERVED
+CVE-2019-16801
+ RESERVED
+CVE-2019-16800
+ RESERVED
+CVE-2019-16799
+ RESERVED
+CVE-2019-16798
+ RESERVED
+CVE-2019-16797
+ RESERVED
+CVE-2019-16796
+ RESERVED
+CVE-2019-16795
+ RESERVED
+CVE-2019-16794
+ RESERVED
+CVE-2019-16793
+ RESERVED
+CVE-2019-16792
+ RESERVED
+CVE-2019-16791
+ RESERVED
+CVE-2019-16790
+ RESERVED
+CVE-2019-16789
+ RESERVED
+CVE-2019-16788
+ RESERVED
+CVE-2019-16787
+ RESERVED
+CVE-2019-16786
+ RESERVED
+CVE-2019-16785
+ RESERVED
+CVE-2019-16784
+ RESERVED
+CVE-2019-16783
+ RESERVED
+CVE-2019-16782
+ RESERVED
+CVE-2019-16781
+ RESERVED
+CVE-2019-16780
+ RESERVED
+CVE-2019-16779
+ RESERVED
+CVE-2019-16778
+ RESERVED
+CVE-2019-16777
+ RESERVED
+CVE-2019-16776
+ RESERVED
+CVE-2019-16775
+ RESERVED
+CVE-2019-16774
+ RESERVED
+CVE-2019-16773
+ RESERVED
+CVE-2019-16772
+ RESERVED
+CVE-2019-16771
+ RESERVED
+CVE-2019-16770
+ RESERVED
+CVE-2019-16769
+ RESERVED
+CVE-2019-16768
+ RESERVED
+CVE-2019-16767
+ RESERVED
+CVE-2019-16766
+ RESERVED
+CVE-2019-16765
+ RESERVED
+CVE-2019-16764
+ RESERVED
+CVE-2019-16763
+ RESERVED
+CVE-2019-16762
+ RESERVED
+CVE-2019-16761
+ RESERVED
+CVE-2019-16760
+ RESERVED
+CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)
+ TODO: check
+CVE-2019-16758
+ RESERVED
CVE-2019-16757
RESERVED
CVE-2019-16756
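Review bot: CVE-2019-16759, near the end of this hunk, is the only new entry that arrives with a description (remote command execution in vBulletin 5.x through 5.5.4), and it lands with just "TODO: check". It should get either a package line or a "NOT-FOR-US:" line, in the form used for Tenda and BloodHound elsewhere in this file, before the entry counts as triaged. The other additions, CVE-2019-16758 and CVE-2019-16760 through CVE-2019-16865, are plain RESERVED placeholders and need nothing further.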
@@ -62,10 +278,10 @@ CVE-2019-16727
RESERVED
CVE-2019-16726
RESERVED
-CVE-2019-16725
- RESERVED
-CVE-2019-16724
- RESERVED
+CVE-2019-16725 (In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks ...)
+ TODO: check
+CVE-2019-16724 (File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary ...)
+ TODO: check
CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
- cacti <unfixed> (bug #941036)
NOTE: https://github.com/Cacti/cacti/issues/2964
@@ -804,10 +1020,10 @@ CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p
NOTE: https://git.kernel.org/linus/5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f
CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, attackers can tr ...)
NOT-FOR-US: Tenda
-CVE-2019-16411
- RESERVED
-CVE-2019-16410
- RESERVED
+CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 pa ...)
+ TODO: check
+CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple fragmen ...)
+ TODO: check
CVE-2019-16409
RESERVED
CVE-2019-16408
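Review bot: The two Suricata 4.1.4 entries in this hunk, CVE-2019-16411 and CVE-2019-16410, are left at "TODO: check", and the same commit does the same for CVE-2019-15699 (app-layer-ssl.c in Suricata 4.1.4) in a later hunk. Triage the three together so they end up with consistent package and version lines instead of being resolved one at a time.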
@@ -923,18 +1139,22 @@ CVE-2019-16376
CVE-2019-16375
RESERVED
CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...)
+ {DSA-4532-1}
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4171
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...)
+ {DSA-4532-1}
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4362
NOTE: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...)
+ {DSA-4532-1}
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...)
+ {DSA-4532-1}
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
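Review bot: "{DSA-4532-1}" is added to CVE-2019-16391 through CVE-2019-16394, but this commit touches only data/CVE/list, so the advisory record it points to is not visible here. Confirm that the DSA-4532-1 record names these same four CVEs; the only fixed version shown in these entries is "- spip 3.2.5-1".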
@@ -2846,8 +3066,8 @@ CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remot
NOT-FOR-US: BloodHound
CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
NOT-FOR-US: Frappe Framework
-CVE-2019-15699
- RESERVED
+CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon rec ...)
+ TODO: check
CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-15697
@@ -7771,8 +7991,8 @@ CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6
NOT-FOR-US: Alfresco
CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
NOT-FOR-US: 1CRM On-Premise Software
-CVE-2019-14220
- RESERVED
+CVE-2019-14220 (An issue was discovered in BlueStacks 4.110 and below on macOS and on ...)
+ TODO: check
CVE-2019-14219
RESERVED
CVE-2019-14218
@@ -10333,10 +10553,10 @@ CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
NOT-FOR-US: Philips
CVE-2019-13529
RESERVED
-CVE-2019-13528
- RESERVED
-CVE-2019-13527
- RESERVED
+CVE-2019-13528 (A specific utility may allow an attacker to gain read access to privil ...)
+ TODO: check
+CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Version ...)
+ TODO: check
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525
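Review bot: The description added for CVE-2019-13528 ("A specific utility may allow an attacker to gain read access to privil ...") names no product in the part shown, unlike CVE-2019-13527 next to it, which names Rockwell Automation Arena Simulation Software. Whoever clears the "TODO: check" needs the full description to choose between a package line and "NOT-FOR-US:"; the truncated text is not enough.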
@@ -14261,8 +14481,7 @@ CVE-2019-12070
RESERVED
CVE-2019-12069
RESERVED
-CVE-2019-12068 [scsi: lsi: exit infinite loop while executing script]
- RESERVED
+CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
{DLA-1927-1}
- qemu <unfixed> (low)
[buster] - qemu <postponed> (Minor issue, can be fixed along in future update)
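Review bot: On CVE-2019-12068 the bracketed summary "[scsi: lsi: exit infinite loop while executing script]" is dropped in favour of a description whose visible part is only a list of QEMU version strings, so the entry no longer says what the flaw is. Consider keeping the old summary as a "NOTE:" line under the entry, next to the existing "{DLA-1927-1}" and "- qemu <unfixed> (low)" lines.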
@@ -32542,10 +32761,10 @@ CVE-2019-5507
RESERVED
CVE-2019-5506
RESERVED
-CVE-2019-5505
- RESERVED
-CVE-2019-5504
- RESERVED
+CVE-2019-5505 (ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 ...)
+ TODO: check
+CVE-2019-5504 (ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ...)
+ TODO: check
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
@@ -33454,8 +33673,7 @@ CVE-2019-5096
RESERVED
CVE-2019-5095
RESERVED
-CVE-2019-5094 [A maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck]
- RESERVED
+CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
- e2fsprogs 1.45.4-1
NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
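Review bot: For CVE-2019-5094 the wording changes from "buffer overruns in the quota code used by e2fsck" to "An exploitable code execution vulnerability", while the status below it stays at "- e2fsprogs 1.45.4-1" with no per-release lines. With the stronger wording it is worth checking whether the stable releases need their own status lines or an urgency annotation.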
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0369593780a6b95cabbf8e96d3911fa0b55f4e93