[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 6 20:10:31 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e4d27cb by security tracker role at 2019-02-06T20:10:22Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,45 +1,219 @@
+CVE-2019-7541
+ RESERVED
+CVE-2019-7540
+ RESERVED
+CVE-2019-7539
+ RESERVED
+CVE-2019-7538
+ RESERVED
+CVE-2019-7537
+ RESERVED
+CVE-2019-7536
+ RESERVED
+CVE-2019-7535
+ RESERVED
+CVE-2019-7534
+ RESERVED
+CVE-2019-7533
+ RESERVED
+CVE-2019-7532
+ RESERVED
+CVE-2019-7531
+ RESERVED
+CVE-2019-7530
+ RESERVED
+CVE-2019-7529
+ RESERVED
+CVE-2019-7528
+ RESERVED
+CVE-2019-7527
+ RESERVED
+CVE-2019-7526
+ RESERVED
+CVE-2019-7525
+ RESERVED
+CVE-2019-7524
+ RESERVED
+CVE-2019-7523
+ RESERVED
+CVE-2019-7522
+ RESERVED
+CVE-2019-7521
+ RESERVED
+CVE-2019-7520
+ RESERVED
+CVE-2019-7519
+ RESERVED
+CVE-2019-7518
+ RESERVED
+CVE-2019-7517
+ RESERVED
+CVE-2019-7516
+ RESERVED
+CVE-2019-7515
+ RESERVED
+CVE-2019-7514
+ RESERVED
+CVE-2019-7513
+ RESERVED
+CVE-2019-7512
+ RESERVED
+CVE-2019-7511
+ RESERVED
+CVE-2019-7510
+ RESERVED
+CVE-2019-7509
+ RESERVED
+CVE-2019-7508
+ RESERVED
+CVE-2019-7507
+ RESERVED
+CVE-2019-7506
+ RESERVED
+CVE-2019-7505
+ RESERVED
+CVE-2019-7504
+ RESERVED
+CVE-2019-7503
+ RESERVED
+CVE-2019-7502
+ RESERVED
+CVE-2019-7501
+ RESERVED
+CVE-2019-7500
+ RESERVED
+CVE-2019-7499
+ RESERVED
+CVE-2019-7498
+ RESERVED
+CVE-2019-7497
+ RESERVED
+CVE-2019-7496
+ RESERVED
+CVE-2019-7495
+ RESERVED
+CVE-2019-7494
+ RESERVED
+CVE-2019-7493
+ RESERVED
+CVE-2019-7492
+ RESERVED
+CVE-2019-7491
+ RESERVED
+CVE-2019-7490
+ RESERVED
+CVE-2019-7489
+ RESERVED
+CVE-2019-7488
+ RESERVED
+CVE-2019-7487
+ RESERVED
+CVE-2019-7486
+ RESERVED
+CVE-2019-7485
+ RESERVED
+CVE-2019-7484
+ RESERVED
+CVE-2019-7483
+ RESERVED
+CVE-2019-7482
+ RESERVED
+CVE-2019-7481
+ RESERVED
+CVE-2019-7480
+ RESERVED
+CVE-2019-7479
+ RESERVED
+CVE-2019-7478
+ RESERVED
+CVE-2019-7477
+ RESERVED
+CVE-2019-7476
+ RESERVED
+CVE-2019-7475
+ RESERVED
+CVE-2019-7474
+ RESERVED
+CVE-2019-7473
+ RESERVED
+CVE-2019-7472
+ RESERVED
+CVE-2019-7471
+ RESERVED
+CVE-2019-7470
+ RESERVED
+CVE-2019-7469
+ RESERVED
+CVE-2019-7468
+ RESERVED
+CVE-2019-7467
+ RESERVED
+CVE-2019-7466
+ RESERVED
+CVE-2019-7465
+ RESERVED
+CVE-2019-7464
+ RESERVED
+CVE-2019-7463
+ RESERVED
+CVE-2019-7462
+ RESERVED
+CVE-2018-20759
+ RESERVED
+CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings such as ...)
+ TODO: check
+CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended user field ...)
+ TODO: check
+CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document resource ...)
+ TODO: check
+CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. ...)
+ TODO: check
+CVE-2018-20754
+ RESERVED
+CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable ...)
+ TODO: check
CVE-2019-XXXX [netmask: buffer overflow vulnerability]
- netmask 2.4.4-1
[stretch] - netmask <no-dsa> (Minor issue)
NOTE: https://github.com/tlby/netmask/issues/3
NOTE: https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c
-CVE-2019-1003023
+CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins Warnings Next ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003022
+CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins Monitoring Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003021
+CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003020
+CVE-2019-1003020 (A server-side request forgery vulnerability exists in Jenkins Kanboard ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003019
+CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003018
+CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003017
+CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job Import Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003016
+CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003015
+CVE-2019-1003015 (An XML external entity processing vulnerability exists in Jenkins Job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003014
+CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins Config File ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003013
+CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue Ocean ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003012
+CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue Ocean Plugins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003011
+CVE-2019-1003011 (An information exposure and denial of service vulnerability exists in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003010
+CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins Git ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003009
+CVE-2019-1003009 (An improper certificate validation vulnerability exists in Jenkins ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003008
+CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003007
+CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003006
+CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-1003005
+CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script Security ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-7461
RESERVED
@@ -2782,6 +2956,7 @@ CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. .
CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php ...)
- serendipity <removed>
CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple ...)
+ {DLA-1661-1}
- mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249)
NOTE: https://github.com/mumble-voip/mumble/issues/3505
NOTE: https://github.com/mumble-voip/mumble/pull/3510
@@ -9049,12 +9224,10 @@ CVE-2019-3466
RESERVED
CVE-2019-3465
RESERVED
-CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to arbitrary command execution]
- RESERVED
+CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...)
{DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
-CVE-2019-3463 [reject rsync --daemon and --config command-line options; arbitrary command execution]
- RESERVED
+CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can bypass the ...)
{DSA-4382-1 DLA-1660-1}
- rssh 2.3.4-10
CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport ...)
@@ -69021,6 +69194,7 @@ CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope
CVE-2018-1321 (An administrator with report and template entitlements in Apache ...)
NOT-FOR-US: Apache Syncope
CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can ...)
+ {DLA-1662-1}
- libthrift-java 0.9.1-2.1 (bug #918736)
NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190206/410b4c0d/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list