[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Sun, 30 Jun 2019 13:11:08 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d76f9339 by security tracker role at 2019-06-30T20:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13095
+       RESERVED
+CVE-2019-13094
+       RESERVED
+CVE-2019-13093
+       RESERVED
+CVE-2019-13092
+       RESERVED
+CVE-2019-13091
+       RESERVED
+CVE-2019-13090
+       RESERVED
+CVE-2019-13089
+       RESERVED
+CVE-2019-13088
+       RESERVED
+CVE-2019-13087
+       RESERVED
+CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has 
member/log ...)
+       TODO: check
+CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at 
xnview+0x0000 ...)
+       TODO: check
+CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at 
xnview+0x0000 ...)
+       TODO: check
+CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at 
xnview+0x0000 ...)
+       TODO: check
+CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution 
through an lp_ ...)
+       TODO: check
+CVE-2019-13081
+       RESERVED
+CVE-2019-13080
+       RESERVED
+CVE-2019-13079
+       RESERVED
+CVE-2019-13078
+       RESERVED
+CVE-2019-13077
+       RESERVED
+CVE-2019-13076
+       RESERVED
+CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure 
vulnerability. I ...)
+       TODO: check
+CVE-2019-13074
+       RESERVED
+CVE-2019-13073
+       RESERVED
+CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO 
to the  ...)
+       TODO: check
+CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via 
en/achat/caddie_ajout.php and ...)
+       TODO: check
 CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 
1.32.3 allow ...)
        - zoneminder <unfixed>
        NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
@@ -2983,6 +3033,7 @@ CVE-2019-11843
 CVE-2019-11841 (A message-forgery issue was discovered in 
crypto/openpgp/clearsign/cle ...)
        TODO: check
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography 
libraries, ak ...)
+       {DLA-1840-1}
        - golang-go.crypto <unfixed>
        NOTE: https://github.com/golang/go/issues/30965
        NOTE: 
https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
@@ -3016,24 +3067,24 @@ CVE-2019-11831 (The PharStreamWrapper (aka 
phar-stream-wrapper) package 2.x befo
        NOTE: https://www.drupal.org/SA-CORE-2019-007
 CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka 
phar-stream-wrap ...)
        NOT-FOR-US: phar-stream-wrapper
-CVE-2019-11829
-       RESERVED
-CVE-2019-11828
-       RESERVED
-CVE-2019-11827
-       RESERVED
-CVE-2019-11826
-       RESERVED
-CVE-2019-11825
-       RESERVED
+CVE-2019-11829 (OS command injection vulnerability in 
drivers_syno_import_user.php in  ...)
+       TODO: check
+CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology 
Office b ...)
+       TODO: check
+CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in 
SYNO.NoteStation.Shard in  ...)
+       TODO: check
+CVE-2019-11826 (Relative path traversal vulnerability in 
SYNO.PhotoTeam.Upload.Item in ...)
+       TODO: check
+CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in 
Synology C ...)
+       TODO: check
 CVE-2019-11824
        RESERVED
 CVE-2019-11823
        RESERVED
-CVE-2019-11822
-       RESERVED
-CVE-2019-11821
-       RESERVED
+CVE-2019-11822 (Relative path traversal vulnerability in 
SYNO.PhotoStation.File in Syn ...)
+       TODO: check
+CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in 
Synology Pho ...)
+       TODO: check
 CVE-2019-11820 (Information exposure through process environment vulnerability 
in Syno ...)
        NOT-FOR-US: Synology Calendar
 CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka 
Excel Macro ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d76f9339378662f6bf2d13af5d170dc3d7626011

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d76f9339378662f6bf2d13af5d170dc3d7626011
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to