[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue May 21 21:10:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05e7b420 by security tracker role at 2019-05-21T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-12265
+ RESERVED
+CVE-2019-12264
+ RESERVED
+CVE-2019-12263
+ RESERVED
+CVE-2019-12262
+ RESERVED
+CVE-2019-12261
+ RESERVED
+CVE-2019-12260
+ RESERVED
+CVE-2019-12259
+ RESERVED
+CVE-2019-12258
+ RESERVED
+CVE-2019-12257
+ RESERVED
+CVE-2019-12256
+ RESERVED
+CVE-2019-12255
+ RESERVED
+CVE-2019-12254
+ RESERVED
+CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
+ TODO: check
+CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the low ...)
+ TODO: check
+CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
+ TODO: check
+CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via the http ...)
+ TODO: check
+CVE-2019-12249
+ RESERVED
+CVE-2019-12248
+ RESERVED
+CVE-2019-12247
+ RESERVED
CVE-2019-12246
RESERVED
CVE-2019-12245
@@ -135,10 +173,10 @@ CVE-2019-12192
RESERVED
CVE-2019-12191
RESERVED
-CVE-2019-12190
- RESERVED
-CVE-2019-12189
- RESERVED
+CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel t ...)
+ TODO: check
+CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
+ TODO: check
CVE-2019-12188
RESERVED
CVE-2019-12187
@@ -364,6 +402,7 @@ CVE-2019-12088
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
NOT-FOR-US: Samsung devices
CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+ {DLA-1798-1}
- jackson-databind 2.9.8-2 (bug #929177)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
CVE-2019-12085
@@ -4550,11 +4589,9 @@ CVE-2019-10322
RESERVED
CVE-2019-10321
RESERVED
-CVE-2019-10320
- RESERVED
+CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10319
- RESERVED
+CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication Plugin 1.5 an ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
NOT-FOR-US: Jenkins Azure AD Plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05e7b420d30cfee69eaf2040ac8054108df76f2b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05e7b420d30cfee69eaf2040ac8054108df76f2b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190521/661b2f35/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list