Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a47f260 by security tracker role at 2019-10-16T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-17621
+       RESERVED
+CVE-2019-17620
+       RESERVED
+CVE-2019-17619
+       RESERVED
+CVE-2019-17618
+       RESERVED
+CVE-2019-17617
+       RESERVED
+CVE-2019-17616
+       RESERVED
+CVE-2019-17615
+       RESERVED
+CVE-2019-17614
+       RESERVED
+CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php 
makes eval c ...)
+       TODO: check
+CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL 
Injection gene ...)
+       TODO: check
+CVE-2019-17611
+       RESERVED
+CVE-2019-17610
+       RESERVED
+CVE-2019-17609
+       RESERVED
+CVE-2019-17608
+       RESERVED
+CVE-2019-17607
+       RESERVED
+CVE-2019-17606
+       RESERVED
+CVE-2019-17605
+       RESERVED
+CVE-2019-17604
+       RESERVED
+CVE-2019-17603
+       RESERVED
+CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 
12.4 bui ...)
+       TODO: check
+CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via 
an HTTP ...)
+       TODO: check
+CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= 
XSS. ...)
+       TODO: check
+CVE-2016-11015 (NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc 
CSRF via ...)
+       TODO: check
+CVE-2016-11014 (NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access 
Control  ...)
+       TODO: check
 CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allows disclosure of the 
administrat ...)
        NOT-FOR-US: Intelbras IWR 1000N devices
 CVE-2019-17599
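Review bot: the three entries CVE-2016-11016, CVE-2016-11015 and CVE-2016-11014 are inserted between CVE-2019-17601 and CVE-2019-17600, which breaks the descending ID order the rest of this hunk follows; confirm that this position is intended. All seven entries that arrive with a description are left at `TODO: check` and still need a triage decision. The NETGEAR JNR1010 ones are device issues of the same kind as the Intelbras IWR 1000N entry directly below, which is tagged `NOT-FOR-US: Intelbras IWR 1000N devices`, so they look like candidates for the same form of tag.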
@@ -640,16 +688,16 @@ CVE-2019-17400
        RESERVED
 CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows 
path tr ...)
        NOT-FOR-US: Shack Forms Pro extension for Joomla!
-CVE-2019-17398
-       RESERVED
+CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token 
informa ...)
+       TODO: check
 CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the 
username a ...)
        NOT-FOR-US: DoorDash application
-CVE-2019-17396
-       RESERVED
-CVE-2019-17395
-       RESERVED
-CVE-2019-17394
-       RESERVED
+CVE-2019-17396 (In the PowerSchool Mobile application 1.1.8 for Android, the 
username  ...)
+       TODO: check
+CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username 
and pas ...)
+       TODO: check
+CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, 
the use ...)
+       TODO: check
 CVE-2019-17393
        RESERVED
 CVE-2019-17392
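Review bot: the four `TODO: check` entries in this hunk (CVE-2019-17398, CVE-2019-17396, CVE-2019-17395, CVE-2019-17394) still need a triage decision. Each describes an Android application, and the neighbouring CVE-2019-17397 for the DoorDash application is already resolved as `NOT-FOR-US: DoorDash application`, so the same form would fit here if none of these applications is packaged.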
@@ -735,10 +783,10 @@ CVE-2019-17358
        RESERVED
 CVE-2019-17357
        RESERVED
-CVE-2019-17356
-       RESERVED
-CVE-2019-17355
-       RESERVED
+CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a 
username an ...)
+       TODO: check
+CVE-2019-17355 (In the Orbitz application 19.31.1 for Android, the username 
and passwo ...)
+       TODO: check
 CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version 
V1.00(AARP.9)C ...)
        NOT-FOR-US: Zyxel
 CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware 
version 20 ...)
@@ -1831,6 +1879,7 @@ CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary 
file deletion vulnerabi
 CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the 
file par ...)
        NOT-FOR-US: HongCMS
 CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which 
allows remot ...)
+       {DSA-4544-1}
        - unbound 1.9.4-1 (bug #941692)
        [stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
        [jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
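Review bot: the added `{DSA-4544-1}` line does not show which suite the advisory applies to. The visible per-release lines mark stretch and jessie as `<not-affected>` (vulnerable code introduced in 1.7.1), so the advisory can only cover a newer suite; check that the DSA-4544-1 entry names that suite together with its fixed unbound version.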
@@ -13033,8 +13082,8 @@ CVE-2019-13394
        RESERVED
 CVE-2019-13393
        RESERVED
-CVE-2019-13392
-       RESERVED
+CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in 
MindPalette Na ...)
+       TODO: check
 CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in 
MagickCore/fourier.c has ...)
        - imagemagick <unfixed> (bug #931633)
        [jessie] - imagemagick <postponed> (minor, wait for upstream to clear 
patch-related questions)
@@ -22048,7 +22097,7 @@ CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a 
carefully crafted 2003ml or 2006m
        NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
        NOTE: 
https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
 CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site 
scripting iss ...)
-       {DSA-4509-1 DLA-1900-1}
+       {DSA-4509-3 DSA-4509-1 DLA-1900-1}
        - apache2 2.4.41-1
        NOTE: Affects upstream versions 2.4.0 to 2.4.39
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
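Review bot: the reference list for CVE-2019-10092 now reads `{DSA-4509-3 DSA-4509-1 DLA-1900-1}`, which skips DSA-4509-2. Confirm that the -2 revision did not cover this CVE; if it did, add it so the cross-references are complete.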



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9a47f2605c9db4e5cf8ccea89bfb84e5f8064732
