[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 10 09:10:31 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
61f3b719 by security tracker role at 2019-07-10T08:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
+ TODO: check
+CVE-2019-13477
+ RESERVED
+CVE-2019-13476
+ RESERVED
+CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...)
+ TODO: check
+CVE-2019-13474
+ RESERVED
+CVE-2019-13473
+ RESERVED
+CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...)
+ TODO: check
+CVE-2019-13471
+ RESERVED
+CVE-2019-13470 (MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling ...)
+ TODO: check
+CVE-2019-13469
+ RESERVED
+CVE-2019-13468
+ RESERVED
+CVE-2019-13467
+ RESERVED
+CVE-2019-13466
+ RESERVED
CVE-2019-13465
RESERVED
CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
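Review bot: The four described entries added at the top of this hunk (CVE-2019-13478 Yoast SEO plugin for WordPress, CVE-2019-13475 MobaXterm, CVE-2019-13472 PHPWind, CVE-2019-13470 MatrixSSL) all land as TODO: check, and their descriptions are cut at "...", so nothing here says yet whether any of them maps to a source package. Each one needs a follow-up commit that replaces TODO: check with either a package line or a NOT-FOR-US: marker. The nine bare RESERVED entries carry no description and need nothing until one is published.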
@@ -177,8 +203,8 @@ CVE-2019-13382
RESERVED
CVE-2019-13381
RESERVED
-CVE-2019-13380
- RESERVED
+CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from ...)
+ TODO: check
CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access ...)
NOT-FOR-US: AVTECH Room Alert
CVE-2019-13378
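Review bot: CVE-2019-13380 goes from RESERVED to TODO: check with no product marker, while the unchanged entry directly below it (CVE-2019-13379) shows the resolved form, NOT-FOR-US: AVTECH Room Alert. The KEYNTO Team Password Manager entry should be resolved the same way, to a package line or a NOT-FOR-US: marker, rather than staying at TODO: check.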
@@ -268,10 +294,10 @@ CVE-2019-13340 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php
NOT-FOR-US: MiniCMS
CVE-2019-13339 (In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (cont ...)
NOT-FOR-US: MiniCMS
-CVE-2019-13338
- RESERVED
-CVE-2019-13337
- RESERVED
+CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the passwor ...)
+ TODO: check
+CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
+ TODO: check
CVE-2019-13336
RESERVED
CVE-2019-13335
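Review bot: CVE-2019-13338 and CVE-2019-13337 both name WESEEK GROWI before 3.5.0 and are both left at TODO: check, so they should be triaged as a pair and end up with the same product decision. The MiniCMS entries just above (CVE-2019-13340, CVE-2019-13339) show the pattern of one consistent NOT-FOR-US: marker across entries for the same product.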
@@ -436,8 +462,8 @@ CVE-2019-13279
RESERVED
CVE-2019-13278
RESERVED
-CVE-2019-13277
- RESERVED
+CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...)
+ TODO: check
CVE-2019-13276
RESERVED
CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...)
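Review bot: CVE-2019-13277 is described against TRENDnet TEW-827DRU firmware up to and including 2.04B03 and is left at TODO: check. Device firmware entries in this file are closed with a NOT-FOR-US: marker naming the product, as the AVTECH Room Alert entry elsewhere in this diff is, so this one looks like a candidate for the same resolution once the full description has been read.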
@@ -4961,8 +4987,8 @@ CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta
NOT-FOR-US: Flarum
CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS v ...)
NOT-FOR-US: CMS Made Simple
-CVE-2019-11512
- RESERVED
+CVE-2019-11512 (Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7 ...)
+ TODO: check
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
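Review bot: The new CVE-2019-11512 description says the Contao SQL injection is fixed in 4.4.39 and in a 4.7 release, but the text is cut at "4.7 ...", so the second fixed version cannot be read from this line. Whoever resolves the TODO: check should take both fixed versions from the full description rather than from this truncated summary.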
@@ -11884,14 +11910,14 @@ CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
[stretch] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
-CVE-2019-9150
- RESERVED
-CVE-2019-9149
- RESERVED
-CVE-2019-9148
- RESERVED
-CVE-2019-9147
- RESERVED
+CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...)
+ TODO: check
+CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
+ TODO: check
+CVE-2019-9148 (Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public ...)
+ TODO: check
+CVE-2019-9147 (Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack again ...)
+ TODO: check
CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain ...)
NOT-FOR-US: Jamf Self Service
CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...)
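Review bot: The four Mailvelope entries replacing RESERVED do not share one version boundary: CVE-2019-9150, CVE-2019-9149 and CVE-2019-9148 say "prior to 3.3.0", while CVE-2019-9147 says "prior to 3.1.0". They should be triaged together for the product decision, but any fixed-version annotation added later has to keep CVE-2019-9147 separate from the other three.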
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/61f3b719bcf3f578eb0eb7cf9d8befed7bb79468