Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 84aa5f2c by security tracker role at 2019-09-28T08:10:30Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,23 @@ -CVE-2019-16926 +CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...) + TODO: check +CVE-2019-16934 + RESERVED +CVE-2019-16933 + RESERVED +CVE-2019-16932 RESERVED -CVE-2019-16925 +CVE-2019-16931 RESERVED +CVE-2019-16930 + RESERVED +CVE-2019-16929 + RESERVED +CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...) + TODO: check +CVE-2019-16926 (Flower 1.0.0 has XSS via a crafted worker name. ...) + TODO: check +CVE-2019-16925 (Flower 1.0.0 has XSS via the name parameter in an @app.task call. ...) + TODO: check CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a cleartext pass ...) TODO: check CVE-2019-16923 (kkcms 1.3 has jx.php?url= XSS. ...) @@ -13,7 +29,8 @@ CVE-2019-16921 (In the Linux kernel before 4.17, hns_roce_alloc_ucontext in driv TODO: check, see kernel-sec CVE-2019-16920 (Unauthenticated remote code execution occurs in D-Link products such a ...) NOT-FOR-US: D-Link -CVE-2019-16928 [heap overflow in string_vformat()] +CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote code execution, a different vul ...) + {DSA-4536-1} - exim4 4.92.2-3 [stretch] - exim4 <not-affected> (Vulnerable code introduced later) [jessie] - exim4 <not-affected> (Vulnerable code introduced later) 
@@ -612,12 +629,12 @@ CVE-2019-16690 RESERVED CVE-2019-16689 RESERVED -CVE-2019-16688 - RESERVED -CVE-2019-16687 - RESERVED -CVE-2019-16686 - RESERVED +CVE-2019-16688 (Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_te ...) + TODO: check +CVE-2019-16687 (Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section ...) + TODO: check +CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A us ...) + TODO: check CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Descripti ...) - dolibarr <removed> CVE-2019-16684 @@ -1677,6 +1694,7 @@ CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dis NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a CVE-2019-16276 RESERVED + {DSA-4534-1} - golang-1.13 1.13.1-1 - golang-1.12 1.12.10-1 (bug #941173) - golang-1.11 <removed> @@ -15093,8 +15111,8 @@ CVE-2019-11929 RESERVED CVE-2019-11928 RESERVED -CVE-2019-11927 - RESERVED +CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...) + TODO: check CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...) - hhvm <removed> CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...) @@ -33996,6 +34014,7 @@ CVE-2019-5096 CVE-2019-5095 RESERVED CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...) + {DSA-4535-1} - e2fsprogs 1.45.4-1 (bug #941139) NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887 @@ -37031,8 +37050,8 @@ CVE-2019-3768 RESERVED CVE-2019-3767 RESERVED -CVE-2019-3766 - RESERVED +CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...) + TODO: check CVE-2019-3765 RESERVED CVE-2019-3764 
@@ -37069,10 +37088,10 @@ CVE-2019-3749 RESERVED CVE-2019-3748 RESERVED -CVE-2019-3747 - RESERVED -CVE-2019-3746 - RESERVED +CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...) + TODO: check +CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...) + TODO: check CVE-2019-3745 RESERVED CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...) @@ -37091,8 +37110,8 @@ CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an I NOT-FOR-US: RSA CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by a ...) NOT-FOR-US: Dell EMC Avamar ADMe Web Interface -CVE-2019-3736 - RESERVED +CVE-2019-3736 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...) + TODO: check CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...) NOT-FOR-US: Dell SupportAssist CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84aa5f2cca50f56a0f018452b923a1e6dff920f9
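Review bot: In the second hunk (@@ -13,7 +29,8 @@), CVE-2019-16928 still sits below CVE-2019-16920, outside the descending order the rest of the list follows, which is why the block added at the top of the file runs from CVE-2019-16929 straight to CVE-2019-16927. Now that the temporary bracketed title has been replaced by the assigned description and the entry carries {DSA-4536-1}, move it up between CVE-2019-16929 and CVE-2019-16927 so that a reader scanning by number finds the Exim entry where it is expected.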
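Review bot: In the @@ -612,12 +629,12 @@ hunk, CVE-2019-16688, CVE-2019-16687 and CVE-2019-16686 are left at TODO: check although the next entry in the context, CVE-2019-16685, describes stored XSS in the same Dolibarr 9.0.5 and is already resolved as "- dolibarr <removed>". Triage the three new entries the same way in the follow-up, or note why they differ, so that four sibling issues in one product do not end up in two different states.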
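Review bot: In the last hunk (@@ -37091,8 +37110,8 @@), CVE-2019-3736 is added as TODO: check between CVE-2019-3737 and CVE-2019-3735, both of which are already closed as NOT-FOR-US for Dell products. If Dell EMC Integrated Data Protection Appliance is likewise not packaged, close it as NOT-FOR-US with the product name, matching the neighbouring lines; the same applies to CVE-2019-3747 and CVE-2019-3746 in the preceding hunk, whose descriptions name the same appliance.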