Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61f3b719 by security tracker role at 2019-07-10T08:10:21Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not 
properly r ...)
+       TODO: check
+CVE-2019-13477
+       RESERVED
+CVE-2019-13476
+       RESERVED
+CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument 
injectio ...)
+       TODO: check
+CVE-2019-13474
+       RESERVED
+CVE-2019-13473
+       RESERVED
+CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m 
parameters of the ...)
+       TODO: check
+CVE-2019-13471
+       RESERVED
+CVE-2019-13470 (MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 
handling ...)
+       TODO: check
+CVE-2019-13469
+       RESERVED
+CVE-2019-13468
+       RESERVED
+CVE-2019-13467
+       RESERVED
+CVE-2019-13466
+       RESERVED
 CVE-2019-13465
        RESERVED
 CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set 
(CRS) 3.0.2 ...)
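Review bot: The four entries that gain descriptions at the top of the list (CVE-2019-13478, CVE-2019-13475, CVE-2019-13472, CVE-2019-13470) are all left at TODO: check, so none of them has a triage result yet. Each should end up as either a NOT-FOR-US: line or a source package entry. CVE-2019-13470 (MatrixSSL out-of-bounds read during ASN.1 handling) is the one to look at first, since it is a library issue and embedded copies in other packages would need checking as well.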
@@ -177,8 +203,8 @@ CVE-2019-13382
        RESERVED
 CVE-2019-13381
        RESERVED
-CVE-2019-13380
-       RESERVED
+CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data 
saved from  ...)
+       TODO: check
 CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with 
access  ...)
        NOT-FOR-US: AVTECH Room Alert
 CVE-2019-13378
@@ -268,10 +294,10 @@ CVE-2019-13340 (In MiniCMS V1.10, stored XSS was found in 
mc-admin/post-edit.php
        NOT-FOR-US: MiniCMS
 CVE-2019-13339 (In MiniCMS V1.10, stored XSS was found in 
mc-admin/page-edit.php (cont ...)
        NOT-FOR-US: MiniCMS
-CVE-2019-13338
-       RESERVED
-CVE-2019-13337
-       RESERVED
+CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the 
passwor ...)
+       TODO: check
+CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic 
authentication can b ...)
+       TODO: check
 CVE-2019-13336
        RESERVED
 CVE-2019-13335
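Review bot: CVE-2019-13338 and CVE-2019-13337 (WESEEK GROWI before 3.5.0) go from RESERVED to TODO: check directly below two MiniCMS entries that already carry NOT-FOR-US: MiniCMS. If GROWI turns out not to be packaged, close both with a NOT-FOR-US: line in that same form. Both descriptions name the same fixed version, 3.5.0, so they can be triaged together.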
@@ -436,8 +462,8 @@ CVE-2019-13279
        RESERVED
 CVE-2019-13278
        RESERVED
-CVE-2019-13277
-       RESERVED
+CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
allows a ...)
+       TODO: check
 CVE-2019-13276
        RESERVED
 CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin 
before  ...)
@@ -4961,8 +4987,8 @@ CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in 
Flarum before 0.1.0-beta
        NOT-FOR-US: Flarum
 CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has 
Reflected XSS v ...)
        NOT-FOR-US: CMS Made Simple
-CVE-2019-11512
-       RESERVED
+CVE-2019-11512 (Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and 
Contao 4.7 ...)
+       TODO: check
 CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS 
via the ...)
        NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 
8.2 before ...)
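Review bot: The description added for CVE-2019-11512 is cut at "Fixed in Contao 4.4.39 and Contao 4.7 ...", so the fixed version for the 4.7 branch cannot be read from this line. Whoever resolves the TODO: check should take the fixed versions from the full CVE text, not from the truncated summary.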
@@ -11884,14 +11910,14 @@ CVE-2019-9151 (An issue was discovered in the HDF 
HDF5 1.10.4 library. There is
        [stretch] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
        NOTE: issue in upstream bug tracker: 
https://jira.hdfgroup.org/browse/HDFFV-10718
-CVE-2019-9150
-       RESERVED
-CVE-2019-9149
-       RESERVED
-CVE-2019-9148
-       RESERVED
-CVE-2019-9147
-       RESERVED
+CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to 
import  ...)
+       TODO: check
+CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without 
user i ...)
+       TODO: check
+CVE-2019-9148 (Mailvelope prior to 3.3.0 accepts or operates with invalid PGP 
public  ...)
+       TODO: check
+CVE-2019-9147 (Mailvelope prior to 3.1.0 is vulnerable to a clickjacking 
attack again ...)
+       TODO: check
 CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to 
obtain  ...)
        NOT-FOR-US: Jamf Self Service
 CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS 
vulnerability  ...)
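Review bot: Of the four Mailvelope entries replacing RESERVED here, CVE-2019-9150, CVE-2019-9149 and CVE-2019-9148 say "prior to 3.3.0" while CVE-2019-9147 says "prior to 3.1.0". When the TODO: check lines are resolved, record the clickjacking entry's fixed version separately instead of copying one version across all four.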



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/61f3b719bcf3f578eb0eb7cf9d8befed7bb79468
