Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f3edf7fa by security tracker role at 2019-10-18T20:10:28Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2514,8 +2514,8 @@ CVE-2019-17528 (An issue was discovered in Bento4
1.5.1.0. There is a SEGV in th
NOT-FOR-US: Bento4
CVE-2019-17527
RESERVED
-CVE-2019-17526
- RESERVED
+CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell
Server th ...)
+ TODO: check
CVE-2019-17525
RESERVED
CVE-2019-17524
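Review bot: the new CVE-2019-17526 line is flagged ** DISPUTED **, but the entry under it is only "TODO: check", so the dispute is recorded in the truncated description and nowhere else. When the TODO is resolved, add a NOTE line stating the dispute next to the package or NOT-FOR-US decision, so the status does not depend on description text that an automatic update can rewrite (as this commit does for CVE-2019-16926 and CVE-2019-16925).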
@@ -2894,8 +2894,8 @@ CVE-2019-17395 (In the Rapid Gator application 0.7.1 for
Android, the username a
NOT-FOR-US: Rapid Gator application
CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android,
the use ...)
NOT-FOR-US: Seesaw Parent and Family application
-CVE-2019-17393
- RESERVED
+CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to
the Vend ...)
+ TODO: check
CVE-2019-17392
RESERVED
CVE-2019-17391
@@ -2951,8 +2951,8 @@ CVE-2019-17369 (OTCMS v3.85 has CSRF in the
admin/member_deal.php Admin Panel pa
NOT-FOR-US: OTCMS
CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php
from par ...)
NOT-FOR-US: S-CMS
-CVE-2019-17367
- RESERVED
+CVE-2019-17367 (OpenWRT firmware version 18.06.4 is vulnerable to CSRF via
wireless/ra ...)
+ TODO: check
CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build
54.13 h ...)
NOT-FOR-US: Citrix
CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an
arbitrary user ...)
@@ -3271,8 +3271,8 @@ CVE-2019-17209
RESERVED
CVE-2019-17208
RESERVED
-CVE-2019-17207
- RESERVED
+CVE-2019-17207 (A reflected XSS vulnerability was found in
includes/admin/table-printe ...)
+ TODO: check
CVE-2019-17206 (Uncontrolled deserialization of a pickled object in models.py
in Frost ...)
NOT-FOR-US: Frost Ming rediswrapper
CVE-2019-17205 (TeamPass 2.1.27.36 allows Stored XSS by placing a payload in
the usern ...)
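Review bot: the description added for CVE-2019-17207 is cut off at "includes/admin/table-printe ...", before any product name appears, so its "TODO: check" cannot be resolved from this line. Triage needs the full CVE text to identify the affected software; the file path alone does not decide between a package entry and NOT-FOR-US.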
@@ -3907,9 +3907,9 @@ CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has
Incorrect Access Control becaus
NOT-FOR-US: Auth0 auth0.net
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile
part of the ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
-CVE-2019-16926 (Flower 0.9.3 has XSS via a crafted worker name. ...)
+CVE-2019-16926 (** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name.
NOTE: T ...)
NOT-FOR-US: Flower
-CVE-2019-16925 (Flower 0.9.3 has XSS via the name parameter in an @app.task
call. ...)
+CVE-2019-16925 (** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in
an @app. ...)
NOT-FOR-US: Flower
CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a
cleartext pass ...)
NOT-FOR-US: Nulock
@@ -3930,8 +3930,8 @@ CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote
code execution, a differe
NOTE:
https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
NOTE: https://bugs.exim.org/show_bug.cgi?id=2449
NOTE:
https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
-CVE-2019-16919
- RESERVED
+CVE-2019-16919 (Harbor API has a Broken Access Control vulnerability. The
vulnerabilit ...)
+ TODO: check
CVE-2019-16918
RESERVED
CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise
Server thr ...)
@@ -4428,6 +4428,7 @@ CVE-2019-16740
CVE-2019-16739
RESERVED
CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows
information discl ...)
+ {DSA-4545-1}
- mediawiki 1:1.31.4-1
NOTE: https://phabricator.wikimedia.org/T230402
CVE-2019-16737
@@ -6739,10 +6740,10 @@ CVE-2019-15902 (A backporting error was discovered in
the Linux stable/longterm
- linux <unfixed>
[jessie] - linux <not-affected> (Bug never introduced)
NOTE:
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
-CVE-2019-15901
- RESERVED
-CVE-2019-15900
- RESERVED
+CVE-2019-15901 (An issue was discovered in slicer69 doas before 6.2 on certain
platfor ...)
+ TODO: check
+CVE-2019-15900 (An issue was discovered in slicer69 doas before 6.2 on certain
platfor ...)
+ TODO: check
CVE-2019-15899
RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the
username o ...)
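Review bot: CVE-2019-15901 and CVE-2019-15900 are added with descriptions that are identical up to the truncation point ("An issue was discovered in slicer69 doas before 6.2 on certain platfor ..."), each with its own "TODO: check". Triage the two together and, if they end up with package entries, give each a NOTE saying which issue it covers, since the list lines do not distinguish them.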
@@ -14941,16 +14942,16 @@ CVE-2019-13547
RESERVED
CVE-2019-13546
RESERVED
-CVE-2019-13545
- RESERVED
+CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper
validation of dat ...)
+ TODO: check
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple
out-of-b ...)
NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13543
RESERVED
CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all
version ...)
NOT-FOR-US: 3S-Smart
-CVE-2019-13541
- RESERVED
+CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input
validati ...)
+ TODO: check
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple
stack-ba ...)
NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13539
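Review bot: the two Horner Automation Cscape entries (CVE-2019-13545 and CVE-2019-13541) sit apart in this hunk, separated by three other IDs, so they are easy to resolve with different wording. Whatever "TODO: check" turns into, give both the same tag string, the way the two Delta Electronics TPEditor entries in the context lines carry an identical NOT-FOR-US line.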
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f3edf7fa20d257c5f90045737da1d398e62f427b