Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c812dcbe by security tracker role at 2019-03-26T08:10:16Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-10062
+       RESERVED
+CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for 
Node.js)  ...)
+       TODO: check
+CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone 
Verix suffe ...)
+       TODO: check
+CVE-2019-10059
+       RESERVED
+CVE-2019-10058
+       RESERVED
+CVE-2019-10057
+       RESERVED
+CVE-2019-10056
+       RESERVED
+CVE-2019-10055
+       RESERVED
+CVE-2019-10054
+       RESERVED
+CVE-2019-10053
+       RESERVED
+CVE-2019-10052
+       RESERVED
+CVE-2019-10051
+       RESERVED
+CVE-2019-10050
+       RESERVED
+CVE-2019-10049
+       RESERVED
+CVE-2019-10048
+       RESERVED
+CVE-2019-10047
+       RESERVED
+CVE-2019-10046
+       RESERVED
+CVE-2019-10045
+       RESERVED
+CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram 
applicatio ...)
+       TODO: check
 CVE-2019-10043
        RESERVED
 CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
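
Review bot: The three entries in this hunk that arrive with a description (CVE-2019-10061, CVE-2019-10060, CVE-2019-10044) carry only "TODO: check", so the tracker has no package mapping or NOT-FOR-US verdict for them yet. CVE-2019-10060 names a Verifone Verix application and CVE-2019-10044 is worded for Telegram Desktop "on Windows"; each needs a follow-up that replaces the TODO with either a source-package line or an explicit NOT-FOR-US / not-affected annotation.
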
@@ -2714,7 +2752,7 @@ CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. 
There is an attempted e
        [jessie] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/podofo/tickets/34/
 CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER 
and rel ...)
-       {DSA-4416-1}
+       {DSA-4416-1 DLA-1729-1}
        - wireshark 2.6.7-1 (bug #923611)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b
@@ -3429,8 +3467,8 @@ CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 
18.5.2 has XSS (issue 1
        NOT-FOR-US: MDaemon Webmail
 CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 
mishan ...)
        NOT-FOR-US: WaveMaker Studio
-CVE-2019-8981
-       RESERVED
+CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer 
Overfl ...)
+       TODO: check
 CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c 
mishandles leaf ...)
        - linux 4.19.16-1
        [stretch] - linux <not-affected> (Vulnerable code not present)
@@ -6160,16 +6198,16 @@ CVE-2019-7717
        RESERVED
 CVE-2019-7716
        RESERVED
-CVE-2019-7715
-       RESERVED
-CVE-2019-7714
-       RESERVED
-CVE-2019-7713
-       RESERVED
-CVE-2019-7712
-       RESERVED
-CVE-2019-7711
-       RESERVED
+CVE-2019-7715 (An issue was discovered in the Interpeak IPCOMShell TELNET 
server on G ...)
+       TODO: check
+CVE-2019-7714 (An issue was discovered in Interpeak IPWEBS on Green Hills 
INTEGRITY R ...)
+       TODO: check
+CVE-2019-7713 (An issue was discovered in the Interpeak IPCOMShell TELNET 
server on G ...)
+       TODO: check
+CVE-2019-7712 (An issue was discovered in handler_ipcom_shell_pwd in the 
Interpeak IP ...)
+       TODO: check
+CVE-2019-7711 (An issue was discovered in the Interpeak IPCOMShell TELNET 
server on G ...)
+       TODO: check
 CVE-2019-7710
        RESERVED
 CVE-2019-7709
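
Review bot: All five entries published here (CVE-2019-7711 through CVE-2019-7715) are left at "TODO: check" although their truncated descriptions all point at the same vendor stack, Interpeak IPCOMShell or IPWEBS on Green Hills INTEGRITY. Triage them as one group once the product is confirmed, so they end up with a single consistent annotation instead of five independent checks.
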
@@ -6371,8 +6409,8 @@ CVE-2019-7644
        RESERVED
 CVE-2019-7643
        RESERVED
-CVE-2019-7642
-       RESERVED
+CVE-2019-7642 (D-Link routers with the mydlink feature have some web 
interfaces witho ...)
+       TODO: check
 CVE-2019-7641
        RESERVED
 CVE-2019-7640
@@ -7758,7 +7796,7 @@ CVE-2019-7149 (A heap-based buffer over-read was 
discovered in the function read
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
        NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
-CVE-2019-7148 (An attempted excessive memory allocation was discovered in the 
functio ...)
+CVE-2019-7148 (**DISPUTED** An attempted excessive memory allocation was 
discovered i ...)
        - elfutils 0.176-1 (unimportant)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
        NOTE: 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=e32380ecefbb23448541367283d3b94930762986
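
Review bot: On CVE-2019-7148 the description gains "**DISPUTED**" while the entry body stays unchanged, so nothing in the entry records who disputes the issue or on what grounds. The package line is already "- elfutils 0.176-1 (unimportant)"; adding a NOTE that summarises the dispute (the sourceware bug 24085 link is already listed) would let readers see the rating and the dispute status together.
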
@@ -9125,8 +9163,8 @@ CVE-2019-6540
        RESERVED
 CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON 
LeviStudio ...)
        NOT-FOR-US: WECON
-CVE-2019-6538
-       RESERVED
+CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic 
MyCareLink Mo ...)
+       TODO: check
 CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON 
LeviStud ...)
        NOT-FOR-US: WECON
 CVE-2019-6536
@@ -22495,7 +22533,7 @@ CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and 
earlier allows remote att
        NOT-FOR-US: MiniShare
 CVE-2018-19860
        RESERVED
-CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a 
relative pathna ...)
+CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a 
relative p ...)
        NOT-FOR-US: OpenRefine
 CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to 
the lack ...)
        NOT-FOR-US: PrinceXML
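
Review bot: The CVE-2018-19859 description moves its version bound from "before 3.5" to "before 3.2 beta", which changes the stated affected range and is not just a rewording. The entry stays "NOT-FOR-US: OpenRefine", so no Debian version data depends on it, but a range change buried under the message "automatic update" is easy to miss; anyone who relied on the earlier bound should re-check against the new text.
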
@@ -26797,8 +26835,7 @@ CVE-2019-0206
        REJECTED
 CVE-2019-0205
        RESERVED
-CVE-2019-0204
-       RESERVED
+CVE-2019-0204 (A specifically crafted Docker image running under the root user 
can ov ...)
        - apache-mesos <itp> (bug #760315)
 CVE-2019-0203
        RESERVED
@@ -36753,8 +36790,8 @@ CVE-2018-15585
        RESERVED
 CVE-2018-15584
        RESERVED
-CVE-2018-15583
-       RESERVED
+CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in 
GNUBOARD ...)
+       TODO: check
 CVE-2018-15582
        RESERVED
 CVE-2018-15581
@@ -104116,6 +104153,7 @@ CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 
to 2.0.12, the openSAFETY d
        NOTE: the related commits from the CVE-2017-11411. Otherwise those 
releases
        NOTE: are opened to CVE-2017-11411, which exists because of an 
incomplete fix.
 CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM 
dissector h ...)
+       {DLA-1729-1}
        - wireshark 2.2.7-1 (low; bug #864058)
        [wheezy] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
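
Review bot: CVE-2017-9349 gains "{DLA-1729-1}", but the only release-specific line visible in the entry is still "[wheezy] - wireshark <no-dsa> (Minor issue)". Confirm that the release DLA-1729-1 covers is reflected in the entry's per-release status, so the advisory reference and the annotations do not disagree; the same check applies to CVE-2017-9344 in the next hunk.
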
@@ -104146,6 +104184,7 @@ CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 
to 2.0.12, the DNS dissecto
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
 CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth 
L2CAP d ...)
+       {DLA-1729-1}
        - wireshark 2.2.7-1 (low; bug #864058)
        [wheezy] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
@@ -110778,12 +110817,12 @@ CVE-2017-7344 (A privilege escalation in Fortinet 
FortiClient Windows 5.4.3 and
        NOT-FOR-US: Fortinet FortiClient Windows
 CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 
and below ...)
        NOT-FOR-US: Fortinet FortiPortal
-CVE-2017-7342
-       RESERVED
+CVE-2017-7342 (A weak password recovery process vulnerability in Fortinet 
FortiPortal ...)
+       TODO: check
 CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 
6.1-2 throu ...)
        NOT-FOR-US: Fortinet
-CVE-2017-7340
-       RESERVED
+CVE-2017-7340 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal 
versions  ...)
+       TODO: check
 CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal 
versions  ...)
        NOT-FOR-US: Fortinet FortiPortal
 CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal 
versions 4 ...)
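
Review bot: CVE-2017-7342 and CVE-2017-7340 are both described as Fortinet FortiPortal issues but receive "TODO: check", while the neighbouring context entries CVE-2017-7343 and CVE-2017-7339 for the same product are already marked "NOT-FOR-US: Fortinet FortiPortal". Suggest resolving both new entries with that same NOT-FOR-US line so the block is consistent.
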
@@ -188249,12 +188288,12 @@ CVE-2014-9191 (The CodeWrights HART Device Type 
Manager (DTM) library in Emerson
        NOT-FOR-US: Emerson HART DTM
 CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware 
InTouch A ...)
        NOT-FOR-US: Schneider Electric
-CVE-2014-9189
-       RESERVED
+CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found 
in Hon ...)
+       TODO: check
 CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider Elec ...)
        NOT-FOR-US: Schneider Electric ProClima
-CVE-2014-9187
-       RESERVED
+CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in 
Honeywell ...)
+       TODO: check
 CVE-2014-9186
        RESERVED
 CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 
1.05 a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c812dcbe113dcf7ed19fa1899a3e525970dfc98e
