automatic update

author: security tracker role <sectracker@soriano.debian.org> 2019-06-12 08:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-06-12 08:10:23 +0000
commit: 9cc5380bb5831f01728f11b793fb9a892f61cbaa (patch)
tree: 02944ed55e9f3ba2f1d1d4366fe6a4488d58b3ea
parent: 5c1fe286ea2c4741b34bb260033870b03e525848 (diff)
8 files changed, 55 insertions, 29 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 89a9e663fa..5508a3decf 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,7 @@
+CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...)
+	TODO: check
+CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...)
+	TODO: check
 CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ...)
 	[experimental] - gnulib 20180621~6979c25-1
 	- gnulib 20140202+stable-3.2 (bug #924613)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8236f775d2..38a1a10c45 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,5 @@
+CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
+	TODO: check
 CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 64774663e3..b905bf899e 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2370,7 +2370,7 @@ CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname m
 	NOT-FOR-US: The PayPal IPN utility
 CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname match ...)
 	NOT-FOR-US: The PayPal merchant SDK
-CVE-2012-5786 (The wsdl_first_https sample code in distribution/src/main/release/samp ...)
+CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in distribution/src/ma ...)
 	NOT-FOR-US: Apache CXF
 CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ho ...)
 	NOT-FOR-US: Axis2/Java
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 6eb656f238..70722eaa7a 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,3 +1,5 @@
+CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-8 ...)
+	TODO: check
 CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
 	- linux 3.11.7-1
 	NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 258045eea2..6a49242970 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,5 @@
+CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection vulnerability i ...)
+	TODO: check
 CVE-2016-10759 (The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resu ...)
 	NOT-FOR-US: Xinha plugin in Precurio
 CVE-2016-10758 (PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php f ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 4f377465f7..15fa51f529 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,7 @@
+CVE-2017-18378 (In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4- ...)
+	TODO: check
+CVE-2017-18377 (An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. T ...)
+	TODO: check
 CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...)
 	NOT-FOR-US: User API in TheHive Project
 CVE-2017-18375 (Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php  ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 5269b9e1af..814f390452 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,7 @@
+CVE-2018-20842
+	RESERVED
+CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.02 ...)
+	TODO: check
 CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
 	TODO: check
 CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 7951fa536f..fb4786a87c 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
+	TODO: check
 CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...)
 	NOT-FOR-US: MISP
 CVE-2019-XXXX [faad2 issue fixed in vlc]
@@ -687,46 +689,55 @@ CVE-2019-12475
 	RESERVED
 CVE-2019-12474
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T212118
 CVE-2019-12473
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T204729
 CVE-2019-12472
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T199540
 CVE-2019-12471
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T207603
 CVE-2019-12470
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T222038
 CVE-2019-12469
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T222036
 CVE-2019-12468
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T197279
 CVE-2019-12467
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T209794
 CVE-2019-12466
 	RESERVED
+	{DSA-4460-1}
 	- mediawiki 1:1.31.2-1
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 	NOTE: https://phabricator.wikimedia.org/T25227
@@ -1529,30 +1540,30 @@ CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has
 	- qemu-kvm <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
 	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
-CVE-2019-12154
-	RESERVED
-CVE-2019-12153
-	RESERVED
+CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 10.1.10 ...)
+	TODO: check
+CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects PDFreactor before ...)
+	TODO: check
 CVE-2019-12152
 	RESERVED
 CVE-2019-12151
 	RESERVED
 CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded file is a ...)
 	NOT-FOR-US: Karamasoft UltimateEditor
-CVE-2019-12149
-	RESERVED
+CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
+	TODO: check
 CVE-2019-12148
 	RESERVED
 CVE-2019-12147
 	RESERVED
-CVE-2019-12146
-	RESERVED
-CVE-2019-12145
-	RESERVED
-CVE-2019-12144
-	RESERVED
-CVE-2019-12143
-	RESERVED
+CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
+CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
+CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FT ...)
+	TODO: check
+CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
+	TODO: check
 CVE-2019-12142
 	RESERVED
 CVE-2019-12141
@@ -3599,7 +3610,7 @@ CVE-2019-11269
 CVE-2019-11268
 	RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
-	{DSA-4434-1 DLA-1797-1 DLA-1777-1}
+	{DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
 	- drupal7 <removed> (bug #927330)
 	- jquery 3.3.1~dfsg-2 (bug #927385)
 	[stretch] - jquery 3.1.1-2+deb9u1
@@ -22825,12 +22836,12 @@ CVE-2019-3415
 	RESERVED
 CVE-2019-3414
 	RESERVED
-CVE-2019-3413
-	RESERVED
-CVE-2019-3412
-	RESERVED
-CVE-2019-3411
-	RESERVED
+CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an  ...)
+	TODO: check
+CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
+	TODO: check
+CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by in ...)
+	TODO: check
 CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
 	TODO: check
 CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE  ...)
@@ -29444,8 +29455,7 @@ CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8
 	NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
 	NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
 	NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
-CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
-	RESERVED
+CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When  ...)
 	{DSA-4422-1 DLA-1748-1}
 	- apache2 2.4.38-3
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
@@ -29498,7 +29508,7 @@ CVE-2019-0203
 CVE-2019-0202
 	RESERVED
 CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
-	{DLA-1801-1}
+	{DSA-4461-1 DLA-1801-1}
 	- zookeeper 3.4.13-2 (bug #929283)
 	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
 	NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -29512,14 +29522,12 @@ CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and
 	TODO: check if other versions might be affected.
 CVE-2019-0198
 	REJECTED
-CVE-2019-0197 [mod_http2, possible crash on late upgrade]
-	RESERVED
+CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...)
 	- apache2 2.4.38-3
 	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
-CVE-2019-0196 [mod_http2, read-after-free on a string compare]
-	RESERVED
+CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...)
 	{DSA-4422-1}
 	- apache2 2.4.38-3
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
author	security tracker role <sectracker@soriano.debian.org>	2019-06-12 08:10:23 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2019-06-12 08:10:23 +0000
commit	9cc5380bb5831f01728f11b793fb9a892f61cbaa (patch)
tree	02944ed55e9f3ba2f1d1d4366fe6a4488d58b3ea
parent	5c1fe286ea2c4741b34bb260033870b03e525848 (diff)