Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84aa5f2c by security tracker role at 2019-09-28T08:10:30Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,23 @@
-CVE-2019-16926
+CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x 
through ...)
+       TODO: check
+CVE-2019-16934
+       RESERVED
+CVE-2019-16933
+       RESERVED
+CVE-2019-16932
        RESERVED
-CVE-2019-16925
+CVE-2019-16931
        RESERVED
+CVE-2019-16930
+       RESERVED
+CVE-2019-16929
+       RESERVED
+CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile 
part of the ...)
+       TODO: check
+CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...)
+       TODO: check
+CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task 
call. ...)
+       TODO: check
 CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a 
cleartext pass ...)
        TODO: check
 CVE-2019-16923 (kkcms 1.3 has jx.php?url= XSS. ...)
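Review bot: CVE-2019-16935 (Python documentation XML-RPC server) and CVE-2019-16927 (Xpdf 4.01.01 out-of-bounds write) land with only TODO: check, as do the two Flower 1.0.0 XSS entries CVE-2019-16926 and CVE-2019-16925. Each needs a follow-up that replaces the TODO with either a source-package line or a NOT-FOR-US line, in the form already used in this file (for example NOT-FOR-US: D-Link under CVE-2019-16920).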
@@ -13,7 +29,8 @@ CVE-2019-16921 (In the Linux kernel before 4.17, 
hns_roce_alloc_ucontext in driv
        TODO: check, see kernel-sec
 CVE-2019-16920 (Unauthenticated remote code execution occurs in D-Link 
products such a ...)
        NOT-FOR-US: D-Link
-CVE-2019-16928 [heap overflow in string_vformat()]
+CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote code execution, a 
different vul ...)
+       {DSA-4536-1}
        - exim4 4.92.2-3
        [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
        [jessie] - exim4 <not-affected> (Vulnerable code introduced later)
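Review bot: replacing the working title on CVE-2019-16928 drops the only mention of the affected function, string_vformat(), and the truncated description that takes its place does not name it. A NOTE line under the entry recording "heap overflow in string_vformat()" would keep that detail next to {DSA-4536-1} and the 4.92.2-3 fixed version.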
@@ -612,12 +629,12 @@ CVE-2019-16690
        RESERVED
 CVE-2019-16689
        RESERVED
-CVE-2019-16688
-       RESERVED
-CVE-2019-16687
-       RESERVED
-CVE-2019-16686
-       RESERVED
+CVE-2019-16688 (Dolibarr 9.0.5 has stored XSS in an Email Template section to 
mails_te ...)
+       TODO: check
+CVE-2019-16687 (Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature 
section ...)
+       TODO: check
+CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to 
note.php. A us ...)
+       TODO: check
 CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group 
Descripti ...)
        - dolibarr <removed>
 CVE-2019-16684
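Review bot: CVE-2019-16688, CVE-2019-16687 and CVE-2019-16686 are left at TODO: check although they describe stored XSS in the same Dolibarr 9.0.5 as the adjacent CVE-2019-16685, which is already resolved as "- dolibarr <removed>". Unless something distinguishes them, the three new entries can take the same line instead of staying in the TODO queue.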
@@ -1677,6 +1694,7 @@ CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 
2.6.10, the Gryphon dis
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
 CVE-2019-16276
        RESERVED
+       {DSA-4534-1}
        - golang-1.13 1.13.1-1
        - golang-1.12 1.12.10-1 (bug #941173)
        - golang-1.11 <removed>
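Review bot: CVE-2019-16276 gains {DSA-4534-1} while the entry is still marked RESERVED and has no description, so the visible lines give fixed versions for golang-1.13 and golang-1.12 without saying what the advisory addresses. A short NOTE line with the upstream reference would make the entry readable until the description is published.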
@@ -15093,8 +15111,8 @@ CVE-2019-11929
        RESERVED
 CVE-2019-11928
        RESERVED
-CVE-2019-11927
-       RESERVED
+CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows 
a remot ...)
+       TODO: check
 CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers 
from JPEG  ...)
        - hhvm <removed>
 CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 
block mark ...)
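Review bot: CVE-2019-11927 is described as an integer overflow in WhatsApp media parsing libraries and is left at TODO: check, while its neighbours CVE-2019-11926 and CVE-2019-11925 are tracked against hhvm. The follow-up should state whether this one maps to a packaged library or is NOT-FOR-US, so it is not assumed to belong to hhvm by position.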
@@ -33996,6 +34014,7 @@ CVE-2019-5096
 CVE-2019-5095
        RESERVED
 CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota 
file f ...)
+       {DSA-4535-1}
        - e2fsprogs 1.45.4-1 (bug #941139)
        NOTE: 
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
@@ -37031,8 +37050,8 @@ CVE-2019-3768
        RESERVED
 CVE-2019-3767
        RESERVED
-CVE-2019-3766
-       RESERVED
+CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper 
restriction ...)
+       TODO: check
 CVE-2019-3765
        RESERVED
 CVE-2019-3764
@@ -37069,10 +37088,10 @@ CVE-2019-3749
        RESERVED
 CVE-2019-3748
        RESERVED
-CVE-2019-3747
-       RESERVED
-CVE-2019-3746
-       RESERVED
+CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 
2.3 co ...)
+       TODO: check
+CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 
2.3 do ...)
+       TODO: check
 CVE-2019-3745
        RESERVED
 CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 
contain a pri ...)
@@ -37091,8 +37110,8 @@ CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 
6.2.5 are vulnerable to an I
        NOT-FOR-US: RSA
 CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are 
affected by a ...)
        NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
-CVE-2019-3736
-       RESERVED
+CVE-2019-3736 (Dell EMC Integrated Data Protection Appliance versions prior to 
2.3 co ...)
+       TODO: check
 CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell 
SupportAssist ...)
        NOT-FOR-US: Dell SupportAssist
 CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 
contain an ...)
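Review bot: CVE-2019-3736 (Dell EMC Integrated Data Protection Appliance) is added as TODO: check directly between entries that are already closed as NOT-FOR-US: Dell EMC Avamar ADMe Web Interface and NOT-FOR-US: Dell SupportAssist. The same resolution looks applicable here and to the other Dell EMC entries this update fills in (CVE-2019-3766, CVE-2019-3747, CVE-2019-3746), which would clear four TODO items in one pass.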



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/84aa5f2cca50f56a0f018452b923a1e6dff920f9



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
