[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 26 08:10:26 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c812dcbe by security tracker role at 2019-03-26T08:10:16Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2019-10062
+ RESERVED
+CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) ...)
+ TODO: check
+CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
+ TODO: check
+CVE-2019-10059
+ RESERVED
+CVE-2019-10058
+ RESERVED
+CVE-2019-10057
+ RESERVED
+CVE-2019-10056
+ RESERVED
+CVE-2019-10055
+ RESERVED
+CVE-2019-10054
+ RESERVED
+CVE-2019-10053
+ RESERVED
+CVE-2019-10052
+ RESERVED
+CVE-2019-10051
+ RESERVED
+CVE-2019-10050
+ RESERVED
+CVE-2019-10049
+ RESERVED
+CVE-2019-10048
+ RESERVED
+CVE-2019-10047
+ RESERVED
+CVE-2019-10046
+ RESERVED
+CVE-2019-10045
+ RESERVED
+CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram applicatio ...)
+ TODO: check
CVE-2019-10043
RESERVED
CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
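Review bot: CVE-2019-10061 (node-opencv), CVE-2019-10060 (Verifone Verix Multi-app Conductor) and CVE-2019-10044 (Telegram Desktop) arrive with only "TODO: check", so none of them yet says whether a Debian package is affected. Each needs a follow-up that replaces the placeholder with either a package line or a NOT-FOR-US: line, the two forms used by triaged entries elsewhere in this patch.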
@@ -2714,7 +2752,7 @@ CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted e
[jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/34/
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...)
- {DSA-4416-1}
+ {DSA-4416-1 DLA-1729-1}
- wireshark 2.6.7-1 (bug #923611)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b
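Review bot: the DLA-1729-1 tag added to CVE-2019-9209 is also added to CVE-2017-9349 and CVE-2017-9344 further down, but the affected ranges differ. This entry describes Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, while the two 2017 entries describe 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12. Confirm against the advisory record for DLA-1729-1 that it really lists all three CVEs, since the only package line here is "- wireshark 2.6.7-1 (bug #923611)".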
@@ -3429,8 +3467,8 @@ CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1
NOT-FOR-US: MDaemon Webmail
CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishan ...)
NOT-FOR-US: WaveMaker Studio
-CVE-2019-8981
- RESERVED
+CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overfl ...)
+ TODO: check
CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf ...)
- linux 4.19.16-1
[stretch] - linux <not-affected> (Vulnerable code not present)
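Review bot: CVE-2019-8981 moves from RESERVED to a description naming tls1.c in axTLS before 2.1.5, but stays at "TODO: check". Triage should record whether axTLS is shipped or embedded in any Debian source package: a package line with the fixed version if so, a NOT-FOR-US: line if not.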
@@ -6160,16 +6198,16 @@ CVE-2019-7717
RESERVED
CVE-2019-7716
RESERVED
-CVE-2019-7715
- RESERVED
-CVE-2019-7714
- RESERVED
-CVE-2019-7713
- RESERVED
-CVE-2019-7712
- RESERVED
-CVE-2019-7711
- RESERVED
+CVE-2019-7715 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
+ TODO: check
+CVE-2019-7714 (An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY R ...)
+ TODO: check
+CVE-2019-7713 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
+ TODO: check
+CVE-2019-7712 (An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IP ...)
+ TODO: check
+CVE-2019-7711 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
+ TODO: check
CVE-2019-7710
RESERVED
CVE-2019-7709
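Review bot: CVE-2019-7711 through CVE-2019-7715 all describe Interpeak components (the IPCOMShell TELNET server, IPWEBS, handler_ipcom_shell_pwd), with CVE-2019-7714 naming Green Hills INTEGRITY, and all five are left at "TODO: check". They can be triaged as a group; if the product is not in Debian, use one identical NOT-FOR-US: label on all five so they stay consistent.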
@@ -6371,8 +6409,8 @@ CVE-2019-7644
RESERVED
CVE-2019-7643
RESERVED
-CVE-2019-7642
- RESERVED
+CVE-2019-7642 (D-Link routers with the mydlink feature have some web interfaces witho ...)
+ TODO: check
CVE-2019-7641
RESERVED
CVE-2019-7640
@@ -7758,7 +7796,7 @@ CVE-2019-7149 (A heap-based buffer over-read was discovered in the function read
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
-CVE-2019-7148 (An attempted excessive memory allocation was discovered in the functio ...)
+CVE-2019-7148 (**DISPUTED** An attempted excessive memory allocation was discovered i ...)
- elfutils 0.176-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e32380ecefbb23448541367283d3b94930762986
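Review bot: the CVE-2019-7148 description now starts with **DISPUTED**, but nothing in the entry body explains the dispute. The entry still reads "- elfutils 0.176-1 (unimportant)" with the same two NOTE links. A short NOTE stating who disputes the issue and why would let a reader see whether the existing "unimportant" rating already reflects that.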
@@ -9125,8 +9163,8 @@ CVE-2019-6540
RESERVED
CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON LeviStudio ...)
NOT-FOR-US: WECON
-CVE-2019-6538
- RESERVED
+CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
+ TODO: check
CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON LeviStud ...)
NOT-FOR-US: WECON
CVE-2019-6536
@@ -22495,7 +22533,7 @@ CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote att
NOT-FOR-US: MiniShare
CVE-2018-19860
RESERVED
-CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative pathna ...)
+CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
NOT-FOR-US: OpenRefine
CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...)
NOT-FOR-US: PrinceXML
@@ -26797,8 +26835,7 @@ CVE-2019-0206
REJECTED
CVE-2019-0205
RESERVED
-CVE-2019-0204
- RESERVED
+CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
- apache-mesos <itp> (bug #760315)
CVE-2019-0203
RESERVED
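Review bot: CVE-2019-0204 gains its description here ("A specifically crafted Docker image running under the root user can ov ...") while the line "- apache-mesos <itp> (bug #760315)" predates it and is kept unchanged. Now that the text is public, re-check that apache-mesos is the only relevant package and that the description does not also implicate a Docker-related package already in the archive.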
@@ -36753,8 +36790,8 @@ CVE-2018-15585
RESERVED
CVE-2018-15584
RESERVED
-CVE-2018-15583
- RESERVED
+CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
+ TODO: check
CVE-2018-15582
RESERVED
CVE-2018-15581
@@ -104116,6 +104153,7 @@ CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY d
NOTE: the related commits from the CVE-2017-11411. Otherwise those releases
NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix.
CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector h ...)
+ {DLA-1729-1}
- wireshark 2.2.7-1 (low; bug #864058)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
@@ -104146,6 +104184,7 @@ CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissecto
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP d ...)
+ {DLA-1729-1}
- wireshark 2.2.7-1 (low; bug #864058)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
@@ -110778,12 +110817,12 @@ CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and
NOT-FOR-US: Fortinet FortiClient Windows
CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
NOT-FOR-US: Fortinet FortiPortal
-CVE-2017-7342
- RESERVED
+CVE-2017-7342 (A weak password recovery process vulnerability in Fortinet FortiPortal ...)
+ TODO: check
CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 throu ...)
NOT-FOR-US: Fortinet
-CVE-2017-7340
- RESERVED
+CVE-2017-7340 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
+ TODO: check
CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions 4 ...)
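Review bot: CVE-2017-7342 and CVE-2017-7340 are both described as Fortinet FortiPortal issues yet are left at "TODO: check", while the adjacent FortiPortal entries CVE-2017-7343 and CVE-2017-7339 already carry "NOT-FOR-US: Fortinet FortiPortal". The same label applies to these two and can replace the placeholders directly.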
@@ -188249,12 +188288,12 @@ CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson
NOT-FOR-US: Emerson HART DTM
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch A ...)
NOT-FOR-US: Schneider Electric
-CVE-2014-9189
- RESERVED
+CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found in Hon ...)
+ TODO: check
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
NOT-FOR-US: Schneider Electric ProClima
-CVE-2014-9187
- RESERVED
+CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...)
+ TODO: check
CVE-2014-9186
RESERVED
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c812dcbe113dcf7ed19fa1899a3e525970dfc98e