[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Jul 19 09:10:34 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
998a8d10 by security tracker role at 2019-07-19T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
+	TODO: check
+CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
+	TODO: check
+CVE-2019-13976
+	RESERVED
+CVE-2019-13975
+	RESERVED
+CVE-2019-13974 (LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. ...)
+	TODO: check
+CVE-2019-13973 (LayerBB 1.1.3 allows admin/general.php arbitrary file upload because t ...)
+	TODO: check
+CVE-2019-13972 (LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title ...)
+	TODO: check
+CVE-2019-13971 (OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=aut ...)
+	TODO: check
+CVE-2019-13970 (In antSword before 2.1.0, self-XSS in the database configuration leads ...)
+	TODO: check
+CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admin/inde ...)
+	TODO: check
+CVE-2019-13968
+	RESERVED
+CVE-2019-13967
+	RESERVED
+CVE-2019-13966
+	RESERVED
+CVE-2019-13965
+	RESERVED
+CVE-2019-13964
+	RESERVED
+CVE-2019-13963
+	RESERVED
+CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
+	TODO: check
+CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the  ...)
+	TODO: check
 CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
 	TODO: check
 CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
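Review bot: CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC) is the entry in this block to triage first, because it names a C source file in a codec module and should end up with a source-package line and a fixed-version status rather than staying at TODO: check. The eight RESERVED ids (CVE-2019-13976, CVE-2019-13975 and CVE-2019-13968 through CVE-2019-13963) need no action until descriptions are published for them.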
@@ -11447,7 +11483,7 @@ CVE-2019-1010268 (Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb
 	TODO: check
 CVE-2019-1010267
 	RESERVED
-CVE-2019-1010266 (lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource  ...)
+CVE-2019-1010266 (lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...)
 	- node-lodash 4.17.11+dfsg-1 (unimportant)
 	NOTE: https://github.com/lodash/lodash/issues/3359
 	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-73639
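Review bot: the (unimportant) tag on the node-lodash line under CVE-2019-1010266 has no stated rationale in the visible context, where both NOTE lines are bare URLs; a one-line NOTE saying why the issue is considered unimportant would help later triage. The description change itself is sound: "prior to 4.17.11" now agrees with the fixed version 4.17.11+dfsg-1 on the package line, which the old "4.7.11" did not.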
@@ -16988,8 +17024,8 @@ CVE-2019-7965
 	RESERVED
 CVE-2019-7964
 	RESERVED
-CVE-2019-7963
-	RESERVED
+CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
+	TODO: check
 CVE-2019-7962
 	RESERVED
 CVE-2019-7961
@@ -17002,14 +17038,14 @@ CVE-2019-7958
 	RESERVED
 CVE-2019-7957
 	RESERVED
-CVE-2019-7956
-	RESERVED
-CVE-2019-7955
-	RESERVED
-CVE-2019-7954
-	RESERVED
-CVE-2019-7953
-	RESERVED
+CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and below, 1 ...)
+	TODO: check
+CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a Reflected Cross ...)
+	TODO: check
+CVE-2019-7954 (Adobe Experience Manager version 6.4 and ealier have a Stored Cross-si ...)
+	TODO: check
+CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site Requ ...)
+	TODO: check
 CVE-2019-7952
 	RESERVED
 CVE-2019-7951
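Review bot: "ealier" is misspelled in the descriptions of CVE-2019-7955, CVE-2019-7954 and CVE-2019-7953. As the commit is an automatic update, the spelling is best corrected where the descriptions originate rather than by hand in data/CVE/list, where a later automatic update would likely replace the text again.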
@@ -17032,8 +17068,8 @@ CVE-2019-7943
 	RESERVED
 CVE-2019-7942
 	RESERVED
-CVE-2019-7941
-	RESERVED
+CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
 CVE-2019-7940
 	RESERVED
 CVE-2019-7939
@@ -17214,22 +17250,22 @@ CVE-2019-7852
 	RESERVED
 CVE-2019-7851
 	RESERVED
-CVE-2019-7850
-	RESERVED
+CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
 CVE-2019-7849
 	RESERVED
-CVE-2019-7848
-	RESERVED
-CVE-2019-7847
-	RESERVED
-CVE-2019-7846
-	RESERVED
+CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
+CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
+CVE-2019-7846 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
 CVE-2019-7845 (Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and ear ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerabi ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7843
-	RESERVED
+CVE-2019-7843 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have  ...)
+	TODO: check
 CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
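Review bot: the five new Adobe Campaign Classic entries (CVE-2019-7850, CVE-2019-7848, CVE-2019-7847, CVE-2019-7846, CVE-2019-7843) are left at TODO: check while the Adobe entries around them in the same hunk (CVE-2019-7845, CVE-2019-7844, CVE-2019-7842) are already tagged NOT-FOR-US: Adobe. Applying the same tag in the follow-up triage would keep the block consistent and clear these from the TODO queue.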



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/998a8d10a0093cc86d65a4c20170e5f8e2bb98ea
