author | security tracker role <sectracker@soriano.debian.org> | 2019-06-12 08:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-06-12 08:10:23 +0000 |
commit | 9cc5380bb5831f01728f11b793fb9a892f61cbaa (patch) | |
tree | 02944ed55e9f3ba2f1d1d4366fe6a4488d58b3ea | |
parent | 5c1fe286ea2c4741b34bb260033870b03e525848 (diff) |
automatic update
-rw-r--r-- | data/CVE/2009.list | 4
-rw-r--r-- | data/CVE/2010.list | 2
-rw-r--r-- | data/CVE/2012.list | 2
-rw-r--r-- | data/CVE/2013.list | 2
-rw-r--r-- | data/CVE/2016.list | 2
-rw-r--r-- | data/CVE/2017.list | 4
-rw-r--r-- | data/CVE/2018.list | 4
-rw-r--r-- | data/CVE/2019.list | 64
8 files changed, 55 insertions, 29 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 89a9e663fa..5508a3decf 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,3 +1,7 @@ +CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...) + TODO: check +CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...) + TODO: check CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ...) [experimental] - gnulib 20180621~6979c25-1 - gnulib 20140202+stable-3.2 (bug #924613) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 8236f775d2..38a1a10c45 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1,3 +1,5 @@ +CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...) + TODO: check CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 64774663e3..b905bf899e 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -2370,7 +2370,7 @@ CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname m NOT-FOR-US: The PayPal IPN utility CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname match ...) NOT-FOR-US: The PayPal merchant SDK -CVE-2012-5786 (The wsdl_first_https sample code in distribution/src/main/release/samp ...) +CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in distribution/src/ma ...) NOT-FOR-US: Apache CXF CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ho ...) NOT-FOR-US: Axis2/Java diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 6eb656f238..70722eaa7a 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1,3 +1,5 @@ +CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-8 ...) + TODO: check CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...) - linux 3.11.7-1 NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 258045eea2..6a49242970 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,3 +1,5 @@ +CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection vulnerability i ...) + TODO: check CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...) NOT-FOR-US: Xinha plugin in Precurio CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 4f377465f7..15fa51f529 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,7 @@ +CVE-2017-18378 (In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4- ...) + TODO: check +CVE-2017-18377 (An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. T ...) + TODO: check CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...) NOT-FOR-US: User API in TheHive Project CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5269b9e1af..814f390452 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,7 @@ +CVE-2018-20842 + RESERVED +CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.02 ...) + TODO: check CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...) TODO: check CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 7951fa536f..fb4786a87c 100644 --- a/data/CVE/2019.list 
+++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...) + TODO: check CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...) NOT-FOR-US: MISP CVE-2019-XXXX [faad2 issue fixed in vlc] 
@@ -687,46 +689,55 @@ CVE-2019-12475 RESERVED CVE-2019-12474 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T212118 CVE-2019-12473 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T204729 CVE-2019-12472 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T199540 CVE-2019-12471 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T207603 CVE-2019-12470 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T222038 CVE-2019-12469 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T222036 CVE-2019-12468 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T197279 CVE-2019-12467 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T209794 CVE-2019-12466 RESERVED + {DSA-4460-1} - mediawiki 1:1.31.2-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html NOTE: https://phabricator.wikimedia.org/T25227 
@@ -1529,30 +1540,30 @@ CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has - qemu-kvm <removed> NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 -CVE-2019-12154 - RESERVED -CVE-2019-12153 - RESERVED +CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 10.1.10 ...) + TODO: check +CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects PDFreactor before ...) + TODO: check CVE-2019-12152 RESERVED CVE-2019-12151 RESERVED CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded file is a ...) NOT-FOR-US: Karamasoft UltimateEditor -CVE-2019-12149 - RESERVED +CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...) + TODO: check CVE-2019-12148 RESERVED CVE-2019-12147 RESERVED -CVE-2019-12146 - RESERVED -CVE-2019-12145 - RESERVED -CVE-2019-12144 - RESERVED -CVE-2019-12143 - RESERVED +CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...) + TODO: check +CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...) + TODO: check +CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FT ...) + TODO: check +CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...) + TODO: check CVE-2019-12142 RESERVED CVE-2019-12141 @@ -3599,7 +3610,7 @@ CVE-2019-11269 CVE-2019-11268 RESERVED CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...) - {DSA-4434-1 DLA-1797-1 DLA-1777-1} + {DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1} - drupal7 <removed> (bug #927330) - jquery 3.3.1~dfsg-2 (bug #927385) [stretch] - jquery 3.1.1-2+deb9u1 
@@ -22825,12 +22836,12 @@ CVE-2019-3415 RESERVED CVE-2019-3414 RESERVED -CVE-2019-3413 - RESERVED -CVE-2019-3412 - RESERVED -CVE-2019-3411 - RESERVED +CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an ...) + TODO: check +CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...) + TODO: check +CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by in ...) + TODO: check CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE ...) TODO: check CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE ...) @@ -29444,8 +29455,7 @@ CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8 NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19) NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39) NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93) -CVE-2019-0220 [Apache httpd URL normalization inconsistincy] - RESERVED +CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When ...) {DSA-4422-1 DLA-1748-1} - apache2 2.4.38-3 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220 @@ -29498,7 +29508,7 @@ CVE-2019-0203 CVE-2019-0202 RESERVED CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...) - {DLA-1801-1} + {DSA-4461-1 DLA-1801-1} - zookeeper 3.4.13-2 (bug #929283) NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392 NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1 
@@ -29512,14 +29522,12 @@ CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and TODO: check if other versions might be affected. CVE-2019-0198 REJECTED -CVE-2019-0197 [mod_http2, possible crash on late upgrade] - RESERVED +CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...) - apache2 2.4.38-3 [stretch] - apache2 <not-affected> (Vulnerable code introduced later) [jessie] - apache2 <not-affected> (Vulnerable code introduced later) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197 -CVE-2019-0196 [mod_http2, read-after-free on a string compare] - RESERVED +CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...) {DSA-4422-1} - apache2 2.4.38-3 [jessie] - apache2 <not-affected> (Vulnerable code introduced later) |
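Review bot: In the `@@ -1,3 +1,N @@` header hunks of data/CVE/2009.list, 2010.list, 2013.list, 2016.list, 2017.list and 2018.list, every added entry that has a description is left at `TODO: check`, and each of those descriptions names vendor device firmware (Linksys WAG54G2, ASMAX AR-804gu, Ubiquiti, D-Link, Seowon Intech, NETGEAR ReadyNAS Surveillance, WIFICAM cameras, HooToo TripMate). These look like candidates for a `NOT-FOR-US:` line in the form the neighbouring context entries already use (`NOT-FOR-US: Xinha plugin in Precurio`), so that they do not linger in the triage queue alongside entries that need real package analysis.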
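Review bot: CVE-2019-12795, added in the first hunk of data/CVE/2019.list, carries only `TODO: check` even though its description already names a concrete source file (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs) and upstream fixed versions. It should be resolved with a package line in the form other entries in this file use (`- apache2 2.4.38-3`, `- zookeeper 3.4.13-2 (bug #929283)`), giving either the fixed version or `<unfixed>`, plus a `NOTE:` pointing at the upstream fix.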
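Review bot: In the `@@ -687,46 +689,55 @@` hunk of data/CVE/2019.list, CVE-2019-12466 through CVE-2019-12474 each gain `{DSA-4460-1}` while still showing `RESERVED` with no description, so nine entries tied to a released advisory are distinguishable only by their Phabricator task URLs. A bracketed temporary description on each CVE line, in the style this same patch removes for Apache httpd (`CVE-2019-0197 [mod_http2, possible crash on late upgrade]`), would make them readable until the published descriptions arrive.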
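Review bot: In the `@@ -3599,7 +3610,7 @@` hunk of data/CVE/2019.list, CVE-2019-11358 gains `DSA-4460-1` in its cross-reference list, but the visible package lines cover only drupal7 and jquery, while every other use of DSA-4460-1 in this patch sits on an entry with `- mediawiki 1:1.31.2-1`. Confirm that the entry has a corresponding `- mediawiki` line beyond the three lines of context shown, and add one if it does not, so the advisory reference maps to a tracked package.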