Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e4d27cb by security tracker role at 2019-02-06T20:10:22Z
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -1,45 +1,219 @@ +CVE-2019-7541 + RESERVED +CVE-2019-7540 + RESERVED +CVE-2019-7539 + RESERVED +CVE-2019-7538 + RESERVED +CVE-2019-7537 + RESERVED +CVE-2019-7536 + RESERVED +CVE-2019-7535 + RESERVED +CVE-2019-7534 + RESERVED +CVE-2019-7533 + RESERVED +CVE-2019-7532 + RESERVED +CVE-2019-7531 + RESERVED +CVE-2019-7530 + RESERVED +CVE-2019-7529 + RESERVED +CVE-2019-7528 + RESERVED +CVE-2019-7527 + RESERVED +CVE-2019-7526 + RESERVED +CVE-2019-7525 + RESERVED +CVE-2019-7524 + RESERVED +CVE-2019-7523 + RESERVED +CVE-2019-7522 + RESERVED +CVE-2019-7521 + RESERVED +CVE-2019-7520 + RESERVED +CVE-2019-7519 + RESERVED +CVE-2019-7518 + RESERVED +CVE-2019-7517 + RESERVED +CVE-2019-7516 + RESERVED +CVE-2019-7515 + RESERVED +CVE-2019-7514 + RESERVED +CVE-2019-7513 + RESERVED +CVE-2019-7512 + RESERVED +CVE-2019-7511 + RESERVED +CVE-2019-7510 + RESERVED +CVE-2019-7509 + RESERVED +CVE-2019-7508 + RESERVED +CVE-2019-7507 + RESERVED +CVE-2019-7506 + RESERVED +CVE-2019-7505 + RESERVED +CVE-2019-7504 + RESERVED +CVE-2019-7503 + RESERVED +CVE-2019-7502 + RESERVED +CVE-2019-7501 + RESERVED +CVE-2019-7500 + RESERVED +CVE-2019-7499 + RESERVED +CVE-2019-7498 + RESERVED +CVE-2019-7497 + RESERVED +CVE-2019-7496 + RESERVED +CVE-2019-7495 + RESERVED +CVE-2019-7494 + RESERVED +CVE-2019-7493 + RESERVED +CVE-2019-7492 + RESERVED +CVE-2019-7491 + RESERVED +CVE-2019-7490 + RESERVED +CVE-2019-7489 + RESERVED +CVE-2019-7488 + RESERVED +CVE-2019-7487 + RESERVED +CVE-2019-7486 + RESERVED +CVE-2019-7485 + RESERVED +CVE-2019-7484 + RESERVED +CVE-2019-7483 + RESERVED +CVE-2019-7482 + RESERVED +CVE-2019-7481 + RESERVED +CVE-2019-7480 + RESERVED +CVE-2019-7479 + RESERVED +CVE-2019-7478 + RESERVED +CVE-2019-7477 + RESERVED +CVE-2019-7476 + RESERVED +CVE-2019-7475 + RESERVED +CVE-2019-7474 + RESERVED +CVE-2019-7473 + RESERVED +CVE-2019-7472 + RESERVED +CVE-2019-7471 + RESERVED +CVE-2019-7470 + RESERVED +CVE-2019-7469 + RESERVED +CVE-2019-7468 + RESERVED +CVE-2019-7467 + RESERVED +CVE-2019-7466 + RESERVED 
+CVE-2019-7465 + RESERVED +CVE-2019-7464 + RESERVED +CVE-2019-7463 + RESERVED +CVE-2019-7462 + RESERVED +CVE-2018-20759 + RESERVED +CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings such as ...) + TODO: check +CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended user field ...) + TODO: check +CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document resource ...) + TODO: check +CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. ...) + TODO: check +CVE-2018-20754 + RESERVED +CVE-2015-9282 (The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable ...) + TODO: check CVE-2019-XXXX [netmask: buffer overflow vulnerability] - netmask 2.4.4-1 [stretch] - netmask <no-dsa> (Minor issue) NOTE: https://github.com/tlby/netmask/issues/3 NOTE: https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c -CVE-2019-1003023 +CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins Warnings Next ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003022 +CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins Monitoring Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003021 +CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003020 +CVE-2019-1003020 (A server-side request forgery vulnerability exists in Jenkins Kanboard ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003019 +CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003018 +CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003017 +CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job Import Plugin ...) 
NOT-FOR-US: Jenkins plugin -CVE-2019-1003016 +CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003015 +CVE-2019-1003015 (An XML external entity processing vulnerability exists in Jenkins Job ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003014 +CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins Config File ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003013 +CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue Ocean ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003012 +CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue Ocean Plugins ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003011 +CVE-2019-1003011 (An information exposure and denial of service vulnerability exists in ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003010 +CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins Git ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003009 +CVE-2019-1003009 (An improper certificate validation vulnerability exists in Jenkins ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003008 +CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003007 +CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003006 +CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and ...) NOT-FOR-US: Jenkins plugin -CVE-2019-1003005 +CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script Security ...) NOT-FOR-US: Jenkins plugin CVE-2019-7461 RESERVED 
@@ -2782,6 +2956,7 @@ CVE-2016-10738 (Zenbership v107 has CSRF via admin/cp-functions/event-add.php. . CVE-2016-10737 (Serendipity 2.0.4 has XSS via the serendipity_admin.php ...) - serendipity <removed> CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple ...) + {DLA-1661-1} - mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249) NOTE: https://github.com/mumble-voip/mumble/issues/3505 NOTE: https://github.com/mumble-voip/mumble/pull/3510 @@ -9049,12 +9224,10 @@ CVE-2019-3466 RESERVED CVE-2019-3465 RESERVED -CVE-2019-3464 [prevent popt to load a ~/.popt configuration file, leading to arbitrary command execution] - RESERVED +CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...) {DSA-4382-1 DLA-1660-1} - rssh 2.3.4-10 -CVE-2019-3463 [reject rsync --daemon and --config command-line options; arbitrary command execution] - RESERVED +CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can bypass the ...) {DSA-4382-1 DLA-1660-1} - rssh 2.3.4-10 CVE-2019-3462 (Incorrect sanitation of the 302 redirect field in HTTP transport ...) @@ -69021,6 +69194,7 @@ CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope CVE-2018-1321 (An administrator with report and template entitlements in Apache ...) NOT-FOR-US: Apache Syncope CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can ...) + {DLA-1662-1} - libthrift-java 0.9.1-2.1 (bug #918736) NOTE: https://issues.apache.org/jira/browse/THRIFT-4506 NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e4d27cb79500e29df2bd079f0a4b24e2f3a4e04 You're receiving this email because of your account on salsa.debian.org.
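Review bot: The five entries added with "TODO: check" in the first hunk (@@ -1,45 +1,219 @@), namely CVE-2018-20755 through CVE-2018-20758 for MODX Revolution and CVE-2015-9282 for the Grafana Pie Chart Panel plugin, are still untriaged after this commit. Each needs a follow-up that replaces the TODO with either a package line or NOT-FOR-US, the way the Jenkins plugin entries in the same hunk are already resolved.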
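Review bot: In the @@ -9049,12 +9224,10 @@ hunk, replacing the bracketed descriptions of CVE-2019-3464 and CVE-2019-3463 drops the only visible mention of the concrete vectors (popt loading a ~/.popt configuration file, and the rsync --daemon and --config command-line options), because the new descriptions are cut off at "...". Suggest carrying that detail forward in a NOTE: line under each entry so the rssh 2.3.4-10 records stay self-explanatory.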