[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 30 21:16:56 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72d87fc7 by Salvatore Bonaccorso at 2019-06-30T20:16:28Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,15 +17,15 @@ CVE-2019-13088
CVE-2019-13087
RESERVED
CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/log ...)
- TODO: check
+ NOT-FOR-US: CSZ CMS
CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2019-13081
RESERVED
CVE-2019-13080
@@ -45,9 +45,9 @@ CVE-2019-13074
CVE-2019-13073
RESERVED
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the ...)
- TODO: check
+ NOT-FOR-US: Arastta eCommerce
CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and ...)
- TODO: check
+ NOT-FOR-US: Advisto PEEL SHOPPING
CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allow ...)
- zoneminder <unfixed>
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
@@ -3068,23 +3068,23 @@ CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x befo
CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
NOT-FOR-US: phar-stream-wrapper
CVE-2019-11829 (OS command injection vulnerability in drivers_syno_import_user.php in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology Office b ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11826 (Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in Synology C ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11824
RESERVED
CVE-2019-11823
RESERVED
CVE-2019-11822 (Relative path traversal vulnerability in SYNO.PhotoStation.File in Syn ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Pho ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...)
NOT-FOR-US: Synology Calendar
CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72d87fc7cfc47243f7ed3c547b9a97b1501a0917
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/72d87fc7cfc47243f7ed3c547b9a97b1501a0917
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190630/f70c86aa/attachment.html>
More information about the debian-security-tracker-commits
mailing list