[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sun Jun 30 21:10:47 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d76f9339 by security tracker role at 2019-06-30T20:10:32Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2019-13095
+	RESERVED
+CVE-2019-13094
+	RESERVED
+CVE-2019-13093
+	RESERVED
+CVE-2019-13092
+	RESERVED
+CVE-2019-13091
+	RESERVED
+CVE-2019-13090
+	RESERVED
+CVE-2019-13089
+	RESERVED
+CVE-2019-13088
+	RESERVED
+CVE-2019-13087
+	RESERVED
+CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/log ...)
+	TODO: check
+CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
+	TODO: check
+CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
+	TODO: check
+CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
+	TODO: check
+CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
+	TODO: check
+CVE-2019-13081
+	RESERVED
+CVE-2019-13080
+	RESERVED
+CVE-2019-13079
+	RESERVED
+CVE-2019-13078
+	RESERVED
+CVE-2019-13077
+	RESERVED
+CVE-2019-13076
+	RESERVED
+CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...)
+	TODO: check
+CVE-2019-13074
+	RESERVED
+CVE-2019-13073
+	RESERVED
+CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the  ...)
+	TODO: check
+CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and ...)
+	TODO: check
 CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allow ...)
 	- zoneminder <unfixed>
 	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
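Review bot: The eight entries added here with descriptions (CVE-2019-13086 through CVE-2019-13082, CVE-2019-13075, CVE-2018-20849 and CVE-2018-20848) all carry only "TODO: check", so none has a package line or a NOT-FOR-US marker yet. Each needs to be resolved to one or the other, in the form the CVE-2019-13072 context entry below uses ("- zoneminder <unfixed>"). CVE-2019-13085, CVE-2019-13084 and CVE-2019-13083 share the same visible XnView Classic 2.48 description prefix and can be triaged together. The Chamilo LMS remote code execution entry (CVE-2019-13082) is the one to look at first.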
@@ -2983,6 +3033,7 @@ CVE-2019-11843
 CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
 	TODO: check
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
+	{DLA-1840-1}
 	- golang-go.crypto <unfixed>
 	NOTE: https://github.com/golang/go/issues/30965
 	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
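Review bot: On CVE-2019-11840 the added "{DLA-1840-1}" reference sits above a package line that still reads "- golang-go.crypto <unfixed>", even though the entry's NOTE lines already point at an upstream commit. It is worth confirming that the unfixed status is still accurate and replacing it with the fixed version once an upload containing that commit exists.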
@@ -3016,24 +3067,24 @@ CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x befo
 	NOTE: https://www.drupal.org/SA-CORE-2019-007
 CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
 	NOT-FOR-US: phar-stream-wrapper
-CVE-2019-11829
-	RESERVED
-CVE-2019-11828
-	RESERVED
-CVE-2019-11827
-	RESERVED
-CVE-2019-11826
-	RESERVED
-CVE-2019-11825
-	RESERVED
+CVE-2019-11829 (OS command injection vulnerability in drivers_syno_import_user.php in  ...)
+	TODO: check
+CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology Office b ...)
+	TODO: check
+CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in  ...)
+	TODO: check
+CVE-2019-11826 (Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in ...)
+	TODO: check
+CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in Synology C ...)
+	TODO: check
 CVE-2019-11824
 	RESERVED
 CVE-2019-11823
 	RESERVED
-CVE-2019-11822
-	RESERVED
-CVE-2019-11821
-	RESERVED
+CVE-2019-11822 (Relative path traversal vulnerability in SYNO.PhotoStation.File in Syn ...)
+	TODO: check
+CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Pho ...)
+	TODO: check
 CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...)
 	NOT-FOR-US: Synology Calendar
 CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
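Review bot: The seven Synology entries that move from RESERVED to "TODO: check" here (CVE-2019-11829 through CVE-2019-11825, CVE-2019-11822 and CVE-2019-11821) are left untriaged, while the adjacent CVE-2019-11820 is already marked "NOT-FOR-US: Synology Calendar". If the products named in the full descriptions are likewise not packaged, these should get the same NOT-FOR-US treatment with the product name, so they do not linger as open TODO items next to an already-classified sibling.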



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d76f9339378662f6bf2d13af5d170dc3d7626011
