[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Feb 6 20:10:31 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e4d27cb by security tracker role at 2019-02-06T20:10:22Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,219 @@
+CVE-2019-7541
+	RESERVED
+CVE-2019-7540
+	RESERVED
+CVE-2019-7539
+	RESERVED
+CVE-2019-7538
+	RESERVED
+CVE-2019-7537
+	RESERVED
+CVE-2019-7536
+	RESERVED
+CVE-2019-7535
+	RESERVED
+CVE-2019-7534
+	RESERVED
+CVE-2019-7533
+	RESERVED
+CVE-2019-7532
+	RESERVED
+CVE-2019-7531
+	RESERVED
+CVE-2019-7530
+	RESERVED
+CVE-2019-7529
+	RESERVED
+CVE-2019-7528
+	RESERVED
+CVE-2019-7527
+	RESERVED
+CVE-2019-7526
+	RESERVED
+CVE-2019-7525
+	RESERVED
+CVE-2019-7524
+	RESERVED
+CVE-2019-7523
+	RESERVED
+CVE-2019-7522
+	RESERVED
+CVE-2019-7521
+	RESERVED
+CVE-2019-7520
+	RESERVED
+CVE-2019-7519
+	RESERVED
+CVE-2019-7518
+	RESERVED
+CVE-2019-7517
+	RESERVED
+CVE-2019-7516
+	RESERVED
+CVE-2019-7515
+	RESERVED
+CVE-2019-7514
+	RESERVED
+CVE-2019-7513
+	RESERVED
+CVE-2019-7512
+	RESERVED
+CVE-2019-7511
+	RESERVED
+CVE-2019-7510
+	RESERVED
+CVE-2019-7509
+	RESERVED
+CVE-2019-7508
+	RESERVED
+CVE-2019-7507
+	RESERVED
+CVE-2019-7506
+	RESERVED
+CVE-2019-7505
+	RESERVED
+CVE-2019-7504
+	RESERVED
+CVE-2019-7503
+	RESERVED
+CVE-2019-7502
+	RESERVED
+CVE-2019-7501
+	RESERVED
+CVE-2019-7500
+	RESERVED
+CVE-2019-7499
+	RESERVED
+CVE-2019-7498
+	RESERVED
+CVE-2019-7497
+	RESERVED
+CVE-2019-7496
+	RESERVED
+CVE-2019-7495
+	RESERVED
+CVE-2019-7494
+	RESERVED
+CVE-2019-7493
+	RESERVED
+CVE-2019-7492
+	RESERVED
+CVE-2019-7491
+	RESERVED
+CVE-2019-7490
+	RESERVED
+CVE-2019-7489
+	RESERVED
+CVE-2019-7488
+	RESERVED
+CVE-2019-7487
+	RESERVED
+CVE-2019-7486
+	RESERVED
+CVE-2019-7485
+	RESERVED
+CVE-2019-7484
+	RESERVED
+CVE-2019-7483
+	RESERVED
+CVE-2019-7482
+	RESERVED
+CVE-2019-7481
+	RESERVED
+CVE-2019-7480
+	RESERVED
+CVE-2019-7479
+	RESERVED
+CVE-2019-7478
+	RESERVED
+CVE-2019-7477
+	RESERVED
+CVE-2019-7476
+	RESERVED
+CVE-2019-7475
+	RESERVED
+CVE-2019-7474
+	RESERVED
+CVE-2019-7473
+	RESERVED
+CVE-2019-7472
+	RESERVED
+CVE-2019-7471
+	RESERVED
+CVE-2019-7470
+	RESERVED
+CVE-2019-7469
+	RESERVED
+CVE-2019-7468
+	RESERVED
+CVE-2019-7467
+	RESERVED
+CVE-2019-7466
+	RESERVED
+CVE-2019-7465
+	RESERVED
+CVE-2019-7464
+	RESERVED
+CVE-2019-7463
+	RESERVED
+CVE-2019-7462
+	RESERVED
+CVE-2018-20759
+	RESERVED
+CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings such as ...)
+	TODO: check
+CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended user field ...)
+	TODO: check
+CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document resource ...)
+	TODO: check
+CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. ...)
+	TODO: check
+CVE-2018-20754
+	RESERVED
+CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable ...)
+	TODO: check
 CVE-2019-XXXX [netmask: buffer overflow vulnerability]
 	- netmask 2.4.4-1
 	[stretch] - netmask <no-dsa> (Minor issue)
 	NOTE: https://github.com/tlby/netmask/issues/3
 	NOTE: https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c
-CVE-2019-1003023
+CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins Warnings Next ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003022
+CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins Monitoring Plugin ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003021
+CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003020
+CVE-2019-1003020 (A server-side request forgery vulnerability exists in Jenkins Kanboard ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003019
+CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003018
+CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003017
+CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job Import Plugin ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003016
+CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003015
+CVE-2019-1003015 (An XML external entity processing vulnerability exists in Jenkins Job ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003014
+CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins Config File ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003013
+CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue Ocean ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003012
+CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue Ocean Plugins ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003011
+CVE-2019-1003011 (An information exposure and denial of service vulnerability exists in ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003010
+CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins Git ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003009
+CVE-2019-1003009 (An improper certificate validation vulnerability exists in Jenkins ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003008
+CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003007
+CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003006
+CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-1003005
+CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script Security ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-7461
 	RESERVED
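Review bot: The five entries left at "TODO: check" near the end of the added block (CVE-2018-20758 through CVE-2018-20755 for MODX Revolution, and CVE-2015-9282 for the Grafana Pie Chart Panel plugin) have no disposition yet. Each should be resolved in a follow-up to either a package line or a NOT-FOR-US line, the way the Jenkins plugin entries further down this hunk are. The grammar slips in the imported descriptions ("An session fixation", "An cross-site scripting") are better reported to the source of the description text than edited here, since this automatic update is what writes those lines.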
@@ -2782,6 +2956,7 @@ CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. .
 CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php ...)
 	- serendipity <removed>
 CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple ...)
+	{DLA-1661-1}
 	- mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249)
 	NOTE: https://github.com/mumble-voip/mumble/issues/3505
 	NOTE: https://github.com/mumble-voip/mumble/pull/3510
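Review bot: Stable status is not recorded for CVE-2018-20743 in the visible lines: the mumble package line carrying the unstable fixed version is followed directly by the NOTE: lines, with no "[stretch]" annotation of the kind the netmask entry has ("[stretch] - netmask <no-dsa> (Minor issue)"). With {DLA-1661-1} now attached, it is worth adding the stretch disposition so the entry does not read as fixed everywhere except an unstated release.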
@@ -9049,12 +9224,10 @@ CVE-2019-3466
 	RESERVED
 CVE-2019-3465
 	RESERVED
-CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to arbitrary command execution]
-	RESERVED
+CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...)
 	{DSA-4382-1 DLA-1660-1}
 	- rssh 2.3.4-10
-CVE-2019-3463 [reject rsync --daemon and --config command-line options; arbitrary command execution]
-	RESERVED
+CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can bypass the ...)
 	{DSA-4382-1 DLA-1660-1}
 	- rssh 2.3.4-10
 CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport ...)
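Review bot: The bracketed working descriptions removed from CVE-2019-3464 and CVE-2019-3463 named the concrete vectors (a ~/.popt configuration file for the former, the rsync --daemon and --config options for the latter), and the replacement descriptions are truncated at "..." before they reach that detail. Consider keeping the vector in a NOTE: line under each entry so that a reader of this file alone can still tell the two rssh issues apart.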
@@ -69021,6 +69194,7 @@ CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope
 CVE-2018-1321 (An administrator with report and template entitlements in Apache ...)
 	NOT-FOR-US: Apache Syncope
 CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can ...)
+	{DLA-1662-1}
 	- libthrift-java 0.9.1-2.1 (bug #918736)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
 	NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
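Review bot: The {DLA-1662-1} cross-reference on CVE-2018-1320 points at an advisory record that is not part of this commit, which changes only data/CVE/list. Before relying on the tag, confirm that the DLA-1662-1 record names CVE-2018-1320 and libthrift-java with the version fixed in the LTS suite, since the package line here ("- libthrift-java 0.9.1-2.1 (bug #918736)") gives only the unstable fix.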



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04
