[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Feb 11 08:10:30 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a52855c2 by security tracker role at 2019-02-11T08:10:20Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,79 @@
+CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the ...)
+	TODO: check
+CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP code in ...)
+	TODO: check
+CVE-2019-7719 (Nibbleblog 4.0.5 allows eval injection by placing PHP code in the ...)
+	TODO: check
+CVE-2019-7718 (An issue was discovered in Metinfo 6.x. An attacker can leverage a race ...)
+	TODO: check
+CVE-2019-7717
+	RESERVED
+CVE-2019-7716
+	RESERVED
+CVE-2019-7715
+	RESERVED
+CVE-2019-7714
+	RESERVED
+CVE-2019-7713
+	RESERVED
+CVE-2019-7712
+	RESERVED
+CVE-2019-7711
+	RESERVED
+CVE-2019-7710
+	RESERVED
+CVE-2019-7709
+	RESERVED
+CVE-2019-7708
+	RESERVED
+CVE-2019-7707
+	RESERVED
+CVE-2019-7706
+	RESERVED
+CVE-2019-7705
+	RESERVED
+CVE-2019-7704 (wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen ...)
+	TODO: check
+CVE-2019-7703 (In Binaryen 1.38.22, there is a use-after-free problem in ...)
+	TODO: check
+CVE-2019-7702 (A NULL pointer dereference was discovered in ...)
+	TODO: check
+CVE-2019-7701 (A heap-based buffer over-read was discovered in ...)
+	TODO: check
+CVE-2019-7700 (A heap-based buffer over-read was discovered in ...)
+	TODO: check
+CVE-2019-7699 (A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in ...)
+	TODO: check
+CVE-2019-7698 (An issue was discovered in ...)
+	TODO: check
+CVE-2019-7697 (An issue was discovered in Bento4 v1.5.1-627. There is an assertion ...)
+	TODO: check
+CVE-2018-20780 (Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka ...)
+	TODO: check
+CVE-2018-20779 (Traq 3.7.1 allows SQL Injection via a tickets?search= URI. ...)
+	TODO: check
+CVE-2018-20778 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a ...)
+	TODO: check
+CVE-2018-20777 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. ...)
+	TODO: check
+CVE-2018-20776 (Frog CMS 0.9.5 provides a directory listing for a /public request. ...)
+	TODO: check
+CVE-2018-20775 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution ...)
+	TODO: check
+CVE-2018-20774 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. ...)
+	TODO: check
+CVE-2018-20773 (Frog CMS 0.9.5 allows PHP code execution by visiting ...)
+	TODO: check
+CVE-2018-20772 (Frog CMS 0.9.5 allows PHP code execution via <?php to the ...)
+	TODO: check
 CVE-2019-7696
 	RESERVED
 CVE-2019-7695
 	RESERVED
 CVE-2019-7694
 	RESERVED
-CVE-2019-7693
-	RESERVED
+CVE-2019-7693 (Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the ...)
+	TODO: check
 CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to execute ...)
 	TODO: check
 CVE-2019-7691
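Review bot: Every entry with a description in this hunk, from CVE-2019-7721 down to CVE-2018-20772 plus the changed CVE-2019-7693, carries only "TODO: check", so none is yet tied to a source package or marked NOT-FOR-US. When triaging, start with CVE-2019-7697 through CVE-2019-7704, whose descriptions name memory-safety bugs (use-after-free, heap-based buffer over-read, NULL pointer dereference) in Binaryen and Bento4. The descriptions for CVE-2019-7698, CVE-2019-7700, CVE-2019-7701 and CVE-2019-7702 are cut off before any product name, so read the full CVE text before assigning a package line.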
@@ -220519,7 +220587,7 @@ CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.
 CVE-2013-1938
 	RESERVED
 	NOT-FOR-US: Zimbra
-CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
 	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
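Review bot: The CVE-2013-1937 description now begins with "** DISPUTED **", but the annotations under it are unchanged and say nothing about the dispute; the package line still reads "- phpmyadmin <not-affected>" with the 3.5.0 to 3.5.7 version range. Consider adding a NOTE line that records what is disputed, next to the existing seclists and commit references, so the reason for the status stays readable from the entry itself.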



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a52855c2df1826a903738afcbde7945f49c09a52
