Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
72d87fc7 by Salvatore Bonaccorso at 2019-06-30T20:16:28Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,15 +17,15 @@ CVE-2019-13088
CVE-2019-13087
RESERVED
CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has
member/log ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at
xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at
xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at
xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution
through an lp_ ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2019-13081
RESERVED
CVE-2019-13080
@@ -45,9 +45,9 @@ CVE-2019-13074
CVE-2019-13073
RESERVED
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO
to the ...)
- TODO: check
+ NOT-FOR-US: Arastta eCommerce
CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via
en/achat/caddie_ajout.php and ...)
- TODO: check
+ NOT-FOR-US: Advisto PEEL SHOPPING
CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder
1.32.3 allow ...)
- zoneminder <unfixed>
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
@@ -3068,23 +3068,23 @@ CVE-2019-11831 (The PharStreamWrapper (aka
phar-stream-wrapper) package 2.x befo
CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka
phar-stream-wrap ...)
NOT-FOR-US: phar-stream-wrapper
CVE-2019-11829 (OS command injection vulnerability in
drivers_syno_import_user.php in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology
Office b ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in
SYNO.NoteStation.Shard in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11826 (Relative path traversal vulnerability in
SYNO.PhotoTeam.Upload.Item in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in
Synology C ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11824
RESERVED
CVE-2019-11823
RESERVED
CVE-2019-11822 (Relative path traversal vulnerability in
SYNO.PhotoStation.File in Syn ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in
Synology Pho ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11820 (Information exposure through process environment vulnerability
in Syno ...)
NOT-FOR-US: Synology Calendar
CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka
Excel Macro ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72d87fc7cfc47243f7ed3c547b9a97b1501a0917
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/72d87fc7cfc47243f7ed3c547b9a97b1501a0917
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
