[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Wed, 12 Jun 2019 01:10:45 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
abf7fb61 by security tracker role at 2019-06-12T08:10:23Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 
1.40.x bef ...)
+       TODO: check
+CVE-2018-20842
+       RESERVED
+CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 
2.000.02 ...)
+       TODO: check
+CVE-2017-18378 (In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and 
before 1.1.4- ...)
+       TODO: check
+CVE-2017-18377 (An issue was discovered on Wireless IP Camera (P2P) WIFICAM 
cameras. T ...)
+       TODO: check
+CVE-2016-10760 (On Seowon Intech routers, there is a Command Injection 
vulnerability i ...)
+       TODO: check
+CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on 
D-Link DIR-8 ...)
+       TODO: check
+CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET 
reques ...)
+       TODO: check
+CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated 
command inj ...)
+       TODO: check
+CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. 
There is Co ...)
+       TODO: check
 CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins 
could res ...)
        NOT-FOR-US: MISP
 CVE-2019-XXXX [faad2 issue fixed in vlc]
@@ -689,46 +709,55 @@ CVE-2019-12475
        RESERVED
 CVE-2019-12474
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T212118
 CVE-2019-12473
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T204729
 CVE-2019-12472
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T199540
 CVE-2019-12471
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T207603
 CVE-2019-12470
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T222038
 CVE-2019-12469
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T222036
 CVE-2019-12468
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T197279
 CVE-2019-12467
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T209794
 CVE-2019-12466
        RESERVED
+       {DSA-4460-1}
        - mediawiki 1:1.31.2-1
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
        NOTE: https://phabricator.wikimedia.org/T25227
@@ -1558,10 +1587,10 @@ CVE-2019-12155 (interface_release_resource in 
hw/display/qxl.c in QEMU 4.0.0 has
        - qemu-kvm <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
-CVE-2019-12154
-       RESERVED
-CVE-2019-12153
-       RESERVED
+CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 
10.1.10 ...)
+       TODO: check
+CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects 
PDFreactor before ...)
+       TODO: check
 CVE-2019-12152
        RESERVED
 CVE-2019-12151
@@ -1577,20 +1606,20 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a 
logout, which allows att
        NOTE: https://github.com/systemd/systemd/pull/12378
        NOTE: The fix introduced a regression, cf. 
https://bugs.debian.org/929229
        NOTE: Issue was originally fixed for unstable in 241-4 but was reverted 
in 241-5
-CVE-2019-12149
-       RESERVED
+CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver 
module 1.0.x ...)
+       TODO: check
 CVE-2019-12148
        RESERVED
 CVE-2019-12147
        RESERVED
-CVE-2019-12146
-       RESERVED
-CVE-2019-12145
-       RESERVED
-CVE-2019-12144
-       RESERVED
-CVE-2019-12143
-       RESERVED
+CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll 
in Prog ...)
+       TODO: check
+CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll 
in Prog ...)
+       TODO: check
+CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress 
ipswitch WS_FT ...)
+       TODO: check
+CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll 
in Prog ...)
+       TODO: check
 CVE-2019-12142
        RESERVED
 CVE-2019-12141
@@ -3728,7 +3757,7 @@ CVE-2019-11269
 CVE-2019-11268
        RESERVED
 CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and 
other produc ...)
-       {DSA-4434-1 DLA-1797-1 DLA-1777-1}
+       {DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
        - drupal7 <removed> (bug #927330)
        - jquery 3.3.1~dfsg-2 (bug #927385)
        [stretch] - jquery 3.1.1-2+deb9u1
@@ -23704,12 +23733,12 @@ CVE-2019-3415
        RESERVED
 CVE-2019-3414
        RESERVED
-CVE-2019-3413
-       RESERVED
-CVE-2019-3412
-       RESERVED
-CVE-2019-3411
-       RESERVED
+CVE-2019-3413 (All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product 
have an  ...)
+       TODO: check
+CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are 
impacted by co ...)
+       TODO: check
+CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are 
impacted by in ...)
+       TODO: check
 CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE 
Outdoor CPE  ...)
        TODO: check
 CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE 
Outdoor CPE  ...)
@@ -34350,8 +34379,7 @@ CVE-2019-0221 (The SSI printenv command in Apache 
Tomcat 9.0.0.M1 to 9.0.0.17, 8
        NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
        NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
        NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
-CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
-       RESERVED
+CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 
2.4.38. When  ...)
        {DSA-4422-1 DLA-1748-1}
        - apache2 2.4.38-3
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
@@ -34404,7 +34432,7 @@ CVE-2019-0203
 CVE-2019-0202
        RESERVED
 CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 
3.5.0-alph ...)
-       {DLA-1801-1}
+       {DSA-4461-1 DLA-1801-1}
        - zookeeper 3.4.13-2 (bug #929283)
        NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
        NOTE: Patch (3.4 branch): 
https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
@@ -34418,14 +34446,12 @@ CVE-2019-0199 (The HTTP/2 implementation in Apache 
Tomcat 9.0.0.M1 to 9.0.14 and
        TODO: check if other versions might be affected.
 CVE-2019-0198
        REJECTED
-CVE-2019-0197 [mod_http2, possible crash on late upgrade]
-       RESERVED
+CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 
2.4.38. When ...)
        - apache2 2.4.38-3
        [stretch] - apache2 <not-affected> (Vulnerable code introduced later)
        [jessie] - apache2 <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
-CVE-2019-0196 [mod_http2, read-after-free on a string compare]
-       RESERVED
+CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 
2.4.38. Usin ...)
        {DSA-4422-1}
        - apache2 2.4.38-3
        [jessie] - apache2 <not-affected> (Vulnerable code introduced later)
@@ -242529,7 +242555,7 @@ CVE-2012-5788 (The PayPal IPN utility does not verify 
that the server hostname m
        NOT-FOR-US: The PayPal IPN utility
 CVE-2012-5787 (The PayPal merchant SDK does not verify that the server 
hostname match ...)
        NOT-FOR-US: The PayPal merchant SDK
-CVE-2012-5786 (The wsdl_first_https sample code in 
distribution/src/main/release/samp ...)
+CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in 
distribution/src/ma ...)
        NOT-FOR-US: Apache CXF
 CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the 
server ho ...)
        NOT-FOR-US: Axis2/Java



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abf7fb61b1a17331acb7bb0dd916813cd2fbb8ae

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/abf7fb61b1a17331acb7bb0dd916813cd2fbb8ae
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to