[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue May 21 21:10:37 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05e7b420 by security tracker role at 2019-05-21T20:10:26Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-12265
+	RESERVED
+CVE-2019-12264
+	RESERVED
+CVE-2019-12263
+	RESERVED
+CVE-2019-12262
+	RESERVED
+CVE-2019-12261
+	RESERVED
+CVE-2019-12260
+	RESERVED
+CVE-2019-12259
+	RESERVED
+CVE-2019-12258
+	RESERVED
+CVE-2019-12257
+	RESERVED
+CVE-2019-12256
+	RESERVED
+CVE-2019-12255
+	RESERVED
+CVE-2019-12254
+	RESERVED
+CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
+	TODO: check
+CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the low ...)
+	TODO: check
+CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
+	TODO: check
+CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via the http ...)
+	TODO: check
+CVE-2019-12249
+	RESERVED
+CVE-2019-12248
+	RESERVED
+CVE-2019-12247
+	RESERVED
 CVE-2019-12246
 	RESERVED
 CVE-2019-12245
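Review bot: CVE-2019-12253, CVE-2019-12252, CVE-2019-12251 and CVE-2019-12250 arrive with descriptions but only "TODO: check" beneath them, so none is yet tied to a source package or marked NOT-FOR-US. Each needs a triage pass before the entry is useful; the descriptions name my little forum, Zoho ManageEngine ServiceDesk Plus, UCMS and IdentityServer4 as the affected products.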
@@ -135,10 +173,10 @@ CVE-2019-12192
 	RESERVED
 CVE-2019-12191
 	RESERVED
-CVE-2019-12190
-	RESERVED
-CVE-2019-12189
-	RESERVED
+CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel t ...)
+	TODO: check
+CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
+	TODO: check
 CVE-2019-12188
 	RESERVED
 CVE-2019-12187
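Review bot: The two entries that move from RESERVED to "TODO: check" here, CVE-2019-12190 and CVE-2019-12189, are left untriaged. CVE-2019-12189 names Zoho ManageEngine ServiceDesk Plus, the same product as CVE-2019-12252 in the first hunk, so the two can be triaged together with one consistent marking.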
@@ -364,6 +402,7 @@ CVE-2019-12088
 CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
 	NOT-FOR-US: Samsung devices
 CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
+	{DLA-1798-1}
 	- jackson-databind 2.9.8-2 (bug #929177)
 	NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
 CVE-2019-12085
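Review bot: The "{DLA-1798-1}" tag added under CVE-2019-12086 refers to an advisory that this commit does not add, since data/CVE/list is the only changed file. Confirm the advisory entry already exists and lists jackson-databind, otherwise the cross-reference points at nothing.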
@@ -4550,11 +4589,9 @@ CVE-2019-10322
 	RESERVED
 CVE-2019-10321
 	RESERVED
-CVE-2019-10320
-	RESERVED
+CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permi ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2019-10319
-	RESERVED
+CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication Plugin 1.5 an ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
 	NOT-FOR-US: Jenkins Azure AD Plugin
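Review bot: CVE-2019-10320 and CVE-2019-10319 keep the generic note "NOT-FOR-US: Jenkins plugin" even though their descriptions now name the Credentials Plugin and the PAM Authentication Plugin. The neighbouring CVE-2019-10318 uses "NOT-FOR-US: Jenkins Azure AD Plugin"; naming the specific plugin in these two would match that style.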



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/05e7b420d30cfee69eaf2040ac8054108df76f2b
