Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fbfe95d by security tracker role at 2019-09-09T08:10:15Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2019-16148
+       RESERVED
+CVE-2019-16147
+       RESERVED
+CVE-2019-16146
+       RESERVED
+CVE-2019-16145
+       RESERVED
+CVE-2019-16144
+       RESERVED
+CVE-2019-16143
+       RESERVED
+CVE-2019-16142
+       RESERVED
+CVE-2019-16141
+       RESERVED
+CVE-2019-16140
+       RESERVED
+CVE-2019-16139
+       RESERVED
+CVE-2019-16138
+       RESERVED
+CVE-2019-16137
+       RESERVED
+CVE-2019-16136
+       RESERVED
+CVE-2019-16135
+       RESERVED
+CVE-2019-16134
+       RESERVED
+CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the 
session is n ...)
+       TODO: check
+CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. 
framework/admin/tpl_control ...)
+       TODO: check
+CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an 
Arbitrary ...)
+       TODO: check
+CVE-2019-16130 (YII2-CMS v1.0 has XSS in 
protected\core\modules\home\models\Contact.ph ...)
+       TODO: check
+CVE-2019-16129
+       RESERVED
+CVE-2019-16128
+       RESERVED
+CVE-2019-16127
+       RESERVED
+CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due 
to JavaSc ...)
+       TODO: check
+CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in 
public/p ...)
+       TODO: check
+CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has 
no acce ...)
+       TODO: check
+CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the 
file cata ...)
+       TODO: check
+CVE-2019-16122
+       RESERVED
+CVE-2019-16121
+       RESERVED
+CVE-2019-16120 (CSV injection in the event-tickets (Event Tickets) plugin 
before 4.10. ...)
+       TODO: check
+CVE-2019-16119 (SQL injection in the photo-gallery (10Web Photo Gallery) 
plugin before ...)
+       TODO: check
+CVE-2019-16118 (Cross site scripting (XSS) in the photo-gallery (10Web Photo 
Gallery)  ...)
+       TODO: check
+CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo 
Gallery)  ...)
+       TODO: check
+CVE-2019-16116
+       RESERVED
+CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be 
triggered in ...)
+       TODO: check
+CVE-2019-16114
+       RESERVED
+CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via 
bl-kernel/ajax/upload-im ...)
+       TODO: check
+CVE-2019-16112
+       RESERVED
+CVE-2019-16111
+       RESERVED
+CVE-2019-16110
+       RESERVED
+CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. 
It confi ...)
+       TODO: check
+CVE-2019-16108
+       RESERVED
+CVE-2019-16107
+       RESERVED
+CVE-2018-21014
+       RESERVED
+CVE-2018-21013
+       RESERVED
+CVE-2018-21012
+       RESERVED
+CVE-2018-21011
+       RESERVED
 CVE-2019-16106
        RESERVED
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f 
directory t ...)
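Review bot: The four CVE-2018 entries (CVE-2018-21014 down to CVE-2018-21011) land between CVE-2019-16107 and CVE-2019-16106, which splits the run of 2019 IDs at the top of the file; if the list is meant to stay grouped by year, move them in a follow-up. Separately, all 15 entries that arrive with a description carry only `TODO: check`, so each still needs triage to a package line or a not-for-us marker before the tracker can report a status for it.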
@@ -17378,6 +17470,7 @@ CVE-2019-10187 (A flaw was found in moodle before 
versions 3.7.1, 3.6.5, 3.5.7.
 CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 
3.5.7. A sess ...)
        - moodle <removed>
 CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 
1.8.2 was  ...)
+       {DLA-1914-1}
        - icedtea-web 1.8.3-1 (bug #934319)
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
@@ -17389,10 +17482,12 @@ CVE-2019-10183 (Virt-install(1) utility used to 
provision new virtual machines h
        - virt-manager <not-affected> (Vulnerable code introduced in v2.2.0)
        NOTE: 
https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
 CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not 
properly  ...)
+       {DLA-1914-1}
        - icedtea-web 1.8.3-1 (bug #934319)
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
 CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 
1.8.2 e ...)
+       {DLA-1914-1}
        - icedtea-web 1.8.3-1 (bug #934319)
        NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
        NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344
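Review bot: The `{DLA-1914-1}` tags on CVE-2019-10182 and CVE-2019-10181 (and on CVE-2019-10185 in the previous hunk) point at an advisory this commit does not define, since data/CVE/list is the only changed file. Confirm that the DLA-1914-1 entry in data/DLA/list names all three icedtea-web CVEs, because the visible package lines record only `icedtea-web 1.8.3-1 (bug #934319)` and say nothing about the version fixed by the DLA.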
@@ -19163,6 +19258,7 @@ CVE-2019-9855 (LibreOffice is typically bundled with 
LibreLogo, a programmable t
        - libreoffice <not-affected> (Windows-specific)
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
 CVE-2019-9854 (LibreOffice has a feature where documents can specify that 
pre-install ...)
+       {DSA-4519-1}
        - libreoffice 1:6.3.1~rc2-1
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
 CVE-2019-9853
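Review bot: The `{DSA-4519-1}` tag on CVE-2019-9854 sits above a package line that records only `libreoffice 1:6.3.1~rc2-1`, with no fixed version for the release the DSA covers visible in this hunk. Check that the matching entry in data/DSA/list carries those versions, and that the neighbouring CVE-2019-9855 (`<not-affected>`, Windows-specific) is intentionally left out of the advisory.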



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9fbfe95db3b5bfef53fc060cb5dc6c38232dac66
