Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aa19172 by security tracker role at 2019-10-24T20:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in 
ClonOS WEB  ...)
+       TODO: check
+CVE-2019-18418 (clonos.php in ClonOS WEB control panel 19.09 allows remote 
attackers t ...)
+       TODO: check
+CVE-2019-18417 (Sourcecodester Restaurant Management System 1.0 allows an 
authenticate ...)
+       TODO: check
+CVE-2019-18416 (Sourcecodester Restaurant Management System 1.0 allows XSS via 
the Las ...)
+       TODO: check
+CVE-2019-18415 (Sourcecodester Restaurant Management System 1.0 allows XSS via 
the "se ...)
+       TODO: check
+CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by 
an admi ...)
+       TODO: check
+CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input 
validation can b ...)
+       TODO: check
+CVE-2019-18412
+       RESERVED
+CVE-2019-18411
+       RESERVED
+CVE-2019-18410
+       RESERVED
+CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows 
local pr ...)
+       TODO: check
+CVE-2019-18408 (archive_read_format_rar_read_data in 
archive_read_support_format_rar.c ...)
+       TODO: check
+CVE-2019-18407
+       RESERVED
+CVE-2019-18406
+       RESERVED
+CVE-2019-18405
+       RESERVED
+CVE-2019-18404
+       RESERVED
+CVE-2019-18403
+       RESERVED
+CVE-2019-18402
+       RESERVED
+CVE-2019-18401
+       RESERVED
+CVE-2019-18400
+       RESERVED
+CVE-2019-18399
+       RESERVED
+CVE-2019-18398
+       RESERVED
+CVE-2019-18397
+       RESERVED
+CVE-2019-18396
+       RESERVED
+CVE-2019-18395
+       RESERVED
+CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in 
FaviconServlet.j ...)
+       TODO: check
+CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 
does not  ...)
+       TODO: check
 CVE-2019-18392
        RESERVED
 CVE-2019-18391
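Review bot: CVE-2019-18408 is the entry in this hunk to resolve first: archive_read_support_format_rar.c is a libarchive source file and libarchive is a Debian source package, so this TODO should become a `- libarchive <unfixed>` line with a NOTE pointing at the upstream fix rather than a NOT-FOR-US. CVE-2019-18413 (class-validator) and CVE-2019-18409 (the ruby_parser-legacy gem) are also library issues and need a check against the archive before being closed. The ClonOS, Sourcecodester Restaurant Management System and Ignite Realtime Openfire entries describe products that do not appear to be packaged in Debian and look like NOT-FOR-US candidates at triage.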
@@ -394,20 +448,20 @@ CVE-2019-18203 (On the RICOH MP 501 printer, HTML 
Injection and Stored XSS vulne
        NOT-FOR-US: Ricoh
 CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and 
PFC200 de ...)
        NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
-CVE-2019-18201
-       RESERVED
-CVE-2019-18200
-       RESERVED
-CVE-2019-18199
-       RESERVED
+CVE-2019-18201 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 
GK381 d ...)
+       TODO: check
+CVE-2019-18200 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 
GK381 d ...)
+       TODO: check
+CVE-2019-18199 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 
GK381 d ...)
+       TODO: check
 CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer 
variable i ...)
        - libxslt <unfixed> (bug #942646)
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
        NOTE: 
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
-CVE-2019-18196
-       RESERVED
+CVE-2019-18196 (A DLL side loading vulnerability in the Windows Service in 
TeamViewer  ...)
+       TODO: check
 CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage 
error in the ...)
        - linux <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
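Review bot: the context lines show CVE-2019-18198 filed below CVE-2019-18196 and CVE-2019-18197, which breaks the file's descending CVE order; it belongs above CVE-2019-18197 and is worth fixing in a follow-up commit. Of the new entries, the three Fujitsu Wireless Keyboard Set LX390 issues concern hardware and CVE-2019-18196 is a DLL side-loading bug in a Windows service, so all four are NOT-FOR-US candidates rather than open TODOs.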
@@ -2696,8 +2750,8 @@ CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote 
attackers to cause a denial
        NOT-FOR-US: idreamsoft iCMS
 CVE-2019-17582
        RESERVED
-CVE-2019-17581
-       RESERVED
+CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
+       TODO: check
 CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in 
admin.php. ...)
        NOT-FOR-US: tonyy dormsystem
 CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on 
account/p ...)
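Review bot: CVE-2019-17581 affects tonyy dormsystem, the same product that CVE-2019-17580 directly below it already records as `NOT-FOR-US: tonyy dormsystem`; the TODO can be replaced with that same line for consistency.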
@@ -7070,8 +7124,8 @@ CVE-2019-15931
        RESERVED
 CVE-2019-15930
        RESERVED
-CVE-2019-15929
-       RESERVED
+CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password 
prompt was n ...)
+       TODO: check
 CVE-2019-15928
        RESERVED
 CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An 
out-of-b ...)
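Review bot: CVE-2019-15929 is a Craft CMS issue; Craft CMS is not packaged in Debian, so this TODO resolves to `NOT-FOR-US: Craft CMS`.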
@@ -7768,8 +7822,8 @@ CVE-2019-15705
        RESERVED
 CVE-2019-15704
        RESERVED
-CVE-2019-15703
-       RESERVED
+CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet 
FortiOS 6.2. ...)
+       TODO: check
 CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, 
the pars ...)
        NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows 
remote atta ...)
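Review bot: CVE-2019-15703 is a PRNG entropy weakness in Fortinet FortiOS, a vendor appliance OS; like the RIOT and BloodHound entries below it, this is NOT-FOR-US material (`NOT-FOR-US: Fortinet`) and need not stay a TODO.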
@@ -14122,16 +14176,16 @@ CVE-2019-13655 (Imgix through 2019-06-19 allows 
remote attackers to cause a deni
        NOT-FOR-US: Imgix
 CVE-2019-13654
        RESERVED
-CVE-2019-13653
-       RESERVED
-CVE-2019-13652
-       RESERVED
-CVE-2019-13651
-       RESERVED
-CVE-2019-13650
-       RESERVED
-CVE-2019-13649
-       RESERVED
+CVE-2019-13653 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n 
allow trig ...)
+       TODO: check
+CVE-2019-13652 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n 
allow serv ...)
+       TODO: check
+CVE-2019-13651 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n 
allow port ...)
+       TODO: check
+CVE-2019-13650 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n 
allow inte ...)
+       TODO: check
+CVE-2019-13649 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n 
allow exte ...)
+       TODO: check
 CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, 
when hardwa ...)
        {DSA-4497-1 DSA-4495-1 DLA-1885-1}
        - linux 5.2.6-1
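Review bot: the five entries CVE-2019-13649 through CVE-2019-13653 share one device and firmware string (TP-Link M7350 through 1.0.16 Build 181220 Rel.1116n), so they come from a single advisory and can be triaged together as `NOT-FOR-US: TP-Link M7350` instead of five separate TODOs; the Imgix entry at the top of the hunk shows the form.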
@@ -19373,10 +19427,10 @@ CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 
doesn't verify the hash of Enab
        NOT-FOR-US: Telerik Fiddler
 CVE-2019-12096
        RESERVED
-CVE-2019-12095
-       RESERVED
-CVE-2019-12094
-       RESERVED
+CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition 
through 5.2.22 ...)
+       TODO: check
+CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via 
an admin ...)
+       TODO: check
 CVE-2019-12093
        RESERVED
 CVE-2019-12092
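Review bot: CVE-2019-12094 and CVE-2019-12095 should not be pattern-closed as NOT-FOR-US the way most of this batch will be. Horde is packaged in Debian as the php-horde-* stack, so Horde Trean maps to the php-horde-trean source package and the Horde Groupware Webmail Edition XSS needs to be checked against whichever php-horde-* package carries the admin page it refers to; each then gets a `- php-horde-...` line with the fixed version or `<unfixed>`.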
@@ -19546,8 +19600,8 @@ CVE-2019-12019
        RESERVED
 CVE-2019-12018
        RESERVED
-CVE-2019-12017
-       RESERVED
+CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB 
code, specif ...)
+       TODO: check
 CVE-2019-12016
        RESERVED
 CVE-2019-12015
@@ -22364,8 +22418,8 @@ CVE-2019-11023 (The agroot() function in cgraph\obj.c 
in libcgraph.a in Graphviz
        NOTE: Crash in CLI tool, no security impact
 CVE-2019-11022
        RESERVED
-CVE-2019-11021
-       RESERVED
+CVE-2019-11021 (admin/app/mediamanager in Schlix CMS 2.1.8-7 allows 
Authenticated Unre ...)
+       TODO: check
 CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT 
Dashcom Live ...)
        NOT-FOR-US: DDRT Dashcom
 CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT 
Dashcom Li ...)
@@ -26926,8 +26980,8 @@ CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may 
be susceptible to a cross
        NOT-FOR-US: DLP (Symantec)
 CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be 
susceptible to an ...)
        NOT-FOR-US: Norton Password Manager
-CVE-2019-9699
-       RESERVED
+CVE-2019-9699 (Symantec Messaging Gateway (prior to 10.7.0), may be 
susceptible to an ...)
+       TODO: check
 CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to 
an arbit ...)
        NOT-FOR-US: Symantec
 CVE-2019-9697 (An information disclosure vulnerability in the Management 
Center (MC)  ...)
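Review bot: CVE-2019-9699 (Symantec Messaging Gateway) sits between CVE-2019-9700 and CVE-2019-9698, both already closed for Symantec products; record it the same way (`NOT-FOR-US: Symantec`) rather than leaving a TODO.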
@@ -31242,12 +31296,12 @@ CVE-2019-8082
        RESERVED
 CVE-2019-8081
        RESERVED
-CVE-2019-8080
-       RESERVED
-CVE-2019-8079
-       RESERVED
-CVE-2019-8078
-       RESERVED
+CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored 
cross site ...)
+       TODO: check
+CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 
have a s ...)
+       TODO: check
+CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a 
reflected cr ...)
+       TODO: check
 CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 
2019.01 ...)
        NOT-FOR-US: Adobe
 CVE-2019-8076 (Adobe application manager installer version 10.0 have an 
Insecure Libr ...)
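Review bot: CVE-2019-8078, CVE-2019-8079 and CVE-2019-8080 are Adobe Experience Manager cross-site scripting issues; the adjacent CVE-2019-8077 entry already uses `NOT-FOR-US: Adobe`, and AEM is not a Debian package, so these three resolve the same way.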
@@ -34708,8 +34762,8 @@ CVE-2019-6694
        RESERVED
 CVE-2019-6693
        RESERVED
-CVE-2019-6692
-       RESERVED
+CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient 
for Wind ...)
+       TODO: check
 CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the 
admin.php?m=bac ...)
        NOT-FOR-US: phpwind
 CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick 
gnupg t ...)
@@ -38983,10 +39037,10 @@ CVE-2019-5015 (A local privilege escalation 
vulnerability exists in the Mac OS X
        NOT-FOR-US: Apple
 CVE-2019-5014 (An exploitable improper access control vulnerability exists in 
the blu ...)
        NOT-FOR-US: Winco Fireworks FireFly FW-1007
-CVE-2019-5013
-       RESERVED
-CVE-2019-5012
-       RESERVED
+CVE-2019-5013 (An exploitable privilege escalation vulnerability exists in the 
Wacom, ...)
+       TODO: check
+CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the 
Wacom, ...)
+       TODO: check
 CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
        NOT-FOR-US: CleanMyMac
 CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 
certificate]
@@ -40069,8 +40123,8 @@ CVE-2019-4488
        RESERVED
 CVE-2019-4487
        RESERVED
-CVE-2019-4486
-       RESERVED
+CVE-2019-4486 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site 
scripting. ...)
+       TODO: check
 CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract 
Management 1 ...)
        NOT-FOR-US: IBM
 CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract 
Management 1 ...)
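Review bot: CVE-2019-4486 (IBM Maximo Asset Management) should follow the `NOT-FOR-US: IBM` form used for CVE-2019-4485 and CVE-2019-4484 right below it instead of staying a TODO.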
@@ -40123,8 +40177,8 @@ CVE-2019-4461
        RESERVED
 CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could 
allow a ...)
        NOT-FOR-US: IBM
-CVE-2019-4459
-       RESERVED
+CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 
2.5 throu ...)
+       TODO: check
 CVE-2019-4458
        RESERVED
 CVE-2019-4457
@@ -40245,10 +40299,10 @@ CVE-2019-4400
        RESERVED
 CVE-2019-4399
        RESERVED
-CVE-2019-4398
-       RESERVED
-CVE-2019-4397
-       RESERVED
+CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 
2.5 throu ...)
+       TODO: check
+CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 
2.5 throu ...)
+       TODO: check
 CVE-2019-4396
        RESERVED
 CVE-2019-4395
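Review bot: CVE-2019-4397 and CVE-2019-4398 carry identical truncated descriptions (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through ...), so they come from one IBM bulletin and can be closed together as `NOT-FOR-US: IBM`, the form used elsewhere in this file for IBM products.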



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6aa19172dcff64633237f16a26b255c562201d08



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
