Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e4d27cb by security tracker role at 2019-02-06T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,45 +1,219 @@
+CVE-2019-7541
+ RESERVED
+CVE-2019-7540
+ RESERVED
+CVE-2019-7539
+ RESERVED
+CVE-2019-7538
+ RESERVED
+CVE-2019-7537
+ RESERVED
+CVE-2019-7536
+ RESERVED
+CVE-2019-7535
+ RESERVED
+CVE-2019-7534
+ RESERVED
+CVE-2019-7533
+ RESERVED
+CVE-2019-7532
+ RESERVED
+CVE-2019-7531
+ RESERVED
+CVE-2019-7530
+ RESERVED
+CVE-2019-7529
+ RESERVED
+CVE-2019-7528
+ RESERVED
+CVE-2019-7527
+ RESERVED
+CVE-2019-7526
+ RESERVED
+CVE-2019-7525
+ RESERVED
+CVE-2019-7524
+ RESERVED
+CVE-2019-7523
+ RESERVED
+CVE-2019-7522
+ RESERVED
+CVE-2019-7521
+ RESERVED
+CVE-2019-7520
+ RESERVED
+CVE-2019-7519
+ RESERVED
+CVE-2019-7518
+ RESERVED
+CVE-2019-7517
+ RESERVED
+CVE-2019-7516
+ RESERVED
+CVE-2019-7515
+ RESERVED
+CVE-2019-7514
+ RESERVED
+CVE-2019-7513
+ RESERVED
+CVE-2019-7512
+ RESERVED
+CVE-2019-7511
+ RESERVED
+CVE-2019-7510
+ RESERVED
+CVE-2019-7509
+ RESERVED
+CVE-2019-7508
+ RESERVED
+CVE-2019-7507
+ RESERVED
+CVE-2019-7506
+ RESERVED
+CVE-2019-7505
+ RESERVED
+CVE-2019-7504
+ RESERVED
+CVE-2019-7503
+ RESERVED
+CVE-2019-7502
+ RESERVED
+CVE-2019-7501
+ RESERVED
+CVE-2019-7500
+ RESERVED
+CVE-2019-7499
+ RESERVED
+CVE-2019-7498
+ RESERVED
+CVE-2019-7497
+ RESERVED
+CVE-2019-7496
+ RESERVED
+CVE-2019-7495
+ RESERVED
+CVE-2019-7494
+ RESERVED
+CVE-2019-7493
+ RESERVED
+CVE-2019-7492
+ RESERVED
+CVE-2019-7491
+ RESERVED
+CVE-2019-7490
+ RESERVED
+CVE-2019-7489
+ RESERVED
+CVE-2019-7488
+ RESERVED
+CVE-2019-7487
+ RESERVED
+CVE-2019-7486
+ RESERVED
+CVE-2019-7485
+ RESERVED
+CVE-2019-7484
+ RESERVED
+CVE-2019-7483
+ RESERVED
+CVE-2019-7482
+ RESERVED
+CVE-2019-7481
+ RESERVED
+CVE-2019-7480
+ RESERVED
+CVE-2019-7479
+ RESERVED
+CVE-2019-7478
+ RESERVED
+CVE-2019-7477
+ RESERVED
+CVE-2019-7476
+ RESERVED
+CVE-2019-7475
+ RESERVED
+CVE-2019-7474
+ RESERVED
+CVE-2019-7473
+ RESERVED
+CVE-2019-7472
+ RESERVED
+CVE-2019-7471
+ RESERVED
+CVE-2019-7470
+ RESERVED
+CVE-2019-7469
+ RESERVED
+CVE-2019-7468
+ RESERVED
+CVE-2019-7467
+ RESERVED
+CVE-2019-7466
+ RESERVED
+CVE-2019-7465
+ RESERVED
+CVE-2019-7464
+ RESERVED
+CVE-2019-7463
+ RESERVED
+CVE-2019-7462
+ RESERVED
+CVE-2018-20759
+ RESERVED
+CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings
such as ...)
+ TODO: check
+CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended
user field ...)
+ TODO: check
+CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document
resource ...)
+ TODO: check
+CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User
Photo field. ...)
+ TODO: check
+CVE-2018-20754
+ RESERVED
+CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is
vulnerable ...)
+ TODO: check
CVE-2019-XXXX [netmask: buffer overflow vulnerability]
- netmask 2.4.4-1
[stretch] - netmask <no-dsa> (Minor issue)
NOTE: https://github.com/tlby/netmask/issues/3
NOTE:
https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c
-CVE-2019-1003023
+CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins
Warnings Next ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003022
+CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins
Monitoring Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003021
+CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in
Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003020
+CVE-2019-1003020 (A server-side request forgery vulnerability exists in
Jenkins Kanboard ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003019
+CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub
...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003018
+CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in
Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003017
+CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job
Import Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003016
+CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in
Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003015
+CVE-2019-1003015 (An XML external entity processing vulnerability exists in
Jenkins Job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003014
+CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins
Config File ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003013
+CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue
Ocean ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003012
+CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue
Ocean Plugins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003011
+CVE-2019-1003011 (An information exposure and denial of service vulnerability
exists in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003010
+CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins
Git ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003009
+CVE-2019-1003009 (An improper certificate validation vulnerability exists in
Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003008
+CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins
Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003007
+CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins
Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003006
+CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy
Plugin 2.0 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003005
+CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script
Security ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-7461
RESERVED
@@ -2782,6 +2956,7 @@ CVE-2016-10738 (Zenbership v107 has CSRF via
admin/cp-functions/event-add.php. .
CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php ...)
- serendipity <removed>
CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles
multiple ...)
+ {DLA-1661-1}
- mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249)
NOTE: https://github.com/mumble-voip/mumble/issues/3505
NOTE: https://github.com/mumble-voip/mumble/pull/3510
@@ -9049,12 +9224,10 @@ CVE-2019-3466
RESERVED
CVE-2019-3465
RESERVED
-CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to
arbitrary command execution]
- RESERVED
+CVE-2019-3464 (Insufficient sanitization of environment variables passed to
rsync can ...)
{DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
-CVE-2019-3463 [reject rsync --daemon and --config command-line options;
arbitrary command execution]
- RESERVED
+CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can
bypass the ...)
{DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP
transport ...)
@@ -69021,6 +69194,7 @@ CVE-2018-1322 (An administrator with user search
entitlements in Apache Syncope
CVE-2018-1321 (An administrator with report and template entitlements in
Apache ...)
NOT-FOR-US: Apache Syncope
CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0
can ...)
+ {DLA-1662-1}
- libthrift-java 0.9.1-2.1 (bug #918736)
NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
NOTE:
https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
