[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Apr 20 21:10:34 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46c1ee44 by security tracker role at 2019-04-20T20:10:24Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,44 @@
-CVE-2019-11366 [Concurrency issue denial of service]
+CVE-2019-11378 (An issue was discovered in ProjectSend r1053. upload-process-form.php  ...)
+	TODO: check
+CVE-2019-11377 (wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload  ...)
+	TODO: check
+CVE-2019-11376 (** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbit ...)
+	TODO: check
+CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change user information via the  ...)
+	TODO: check
+CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the  ...)
+	TODO: check
+CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
+	TODO: check
+CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
+	TODO: check
+CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...)
+	TODO: check
+CVE-2019-11370
+	RESERVED
+CVE-2019-11369
+	RESERVED
+CVE-2019-11368
+	RESERVED
+CVE-2019-11367
+	RESERVED
+CVE-2019-11364
+	RESERVED
+CVE-2019-11363
+	RESERVED
+CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL  ...)
+	TODO: check
+CVE-2019-11361
+	RESERVED
+CVE-2016-10748
+	RESERVED
+CVE-2016-10747
+	RESERVED
+CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not lock the ...)
 	- atftp <unfixed> (bug #927553)
 	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
 	NOTE: https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
-CVE-2019-11365 [Error handler stack overflow]
+CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote attacker ma ...)
 	- atftp <unfixed> (bug #927553)
 	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
 	NOTE: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
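
Review bot: the nine new entries that carry a description (CVE-2019-11378 through CVE-2019-11371, and CVE-2019-11362) are all left at `TODO: check`, so none of them has a package line or a not-applicable marking yet and each still needs manual triage. I would start with CVE-2019-11373, CVE-2019-11372 and CVE-2019-11371, whose descriptions name MediaInfoLib and BWA, and check whether those map to source packages in the archive. For CVE-2019-11376, carry the `** DISPUTED **` flag from its description into the triage decision. Also confirm the placement is intended: CVE-2016-10748 and CVE-2016-10747 are inserted between CVE-2019-11361 and CVE-2019-11366, and CVE-2019-11364 and lower now sit above CVE-2019-11366 and CVE-2019-11365, so this part of the list is no longer in descending order. The description swap on the two atftp entries keeps their `- atftp <unfixed> (bug #927553)` and NOTE lines intact, which is what it should do.
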
@@ -202,6 +238,7 @@ CVE-2019-11269
 CVE-2019-11268
 	RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
+	{DSA-4434-1}
 	- drupal7 <removed> (bug #927330)
 	- jquery 3.3.1~dfsg-2 (bug #927385)
 	- node-jquery <unfixed> (bug #927466)
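
Review bot: the `{DSA-4434-1}` cross-reference added under CVE-2019-11358 is not matched by any change to the package lines visible in this hunk, so the diff alone does not show which package the advisory covers or at which version it is fixed. The context still lists `- drupal7 <removed> (bug #927330)` and `- node-jquery <unfixed> (bug #927466)`; please confirm that the DSA entry recorded elsewhere in the tracker names the affected package and its fixed versions, and note that node-jquery stays open for this CVE after the advisory.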



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/46c1ee44194252aaf9bc1d42498aea4133db59a0
