Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b98f18f by security tracker role at 2019-09-18T08:10:17Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-16398
+       RESERVED
+CVE-2019-16397
+       RESERVED
+CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the 
end_scope_of_program_name() f ...)
+       TODO: check
+CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the 
cb_name() functi ...)
+       TODO: check
 CVE-2019-16390
        RESERVED
 CVE-2019-16389
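Review bot: CVE-2019-16396 and CVE-2019-16395 are added with only "TODO: check", so the use-after-free in end_scope_of_program_name() and the stack-based buffer overflow in cb_name() in GnuCOBOL 2.2 have no package line yet. Triage should replace each TODO with either a source-package line carrying a fixed or unfixed version, or a NOT-FOR-US tag, in the form the resolved entries elsewhere in this file already use.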
@@ -72,19 +80,19 @@ CVE-2019-16376
        RESERVED
 CVE-2019-16375
        RESERVED
-CVE-2019-16394
+CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different 
error messa ...)
        - spip 3.2.5-1
        NOTE: https://core.spip.net/issues/4171
        NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
        NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
-CVE-2019-16393
+CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect 
URLs in ec ...)
        - spip 3.2.5-1
        NOTE: https://core.spip.net/issues/4362
        NOTE: 
https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
-CVE-2019-16392
+CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows 
prive/formulaires/login ...)
        - spip 3.2.5-1
        NOTE: 
https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
-CVE-2019-16391
+CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated 
visitors  ...)
        - spip 3.2.5-1
        NOTE: 
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
        NOTE: 
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
@@ -611,8 +619,8 @@ CVE-2019-16201
        RESERVED
 CVE-2019-16200
        RESERVED
-CVE-2019-16199
-       RESERVED
+CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 
allow Remot ...)
+       TODO: check
 CVE-2019-16198
        RESERVED
 CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of 
the User-A ...)
@@ -13207,7 +13215,7 @@ CVE-2019-12106 (The updateDevice function in 
minissdpd.c in MiniUPnP MiniSSDPd 1
        - minissdpd 1.5.20190210-1 (bug #929297)
        [stretch] - minissdpd 1.2.20130907-4.1+deb9u1
        NOTE: 
https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
-CVE-2019-12105 (In supervisord in Supervisor through 4.0.2, an unauthenticated 
user ca ...)
+CVE-2019-12105 (** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated 
user ca ...)
        - supervisor <unfixed> (unimportant)
        NOTE: https://github.com/Supervisor/supervisor/issues/1245
        NOTE: Disupted upstream to be vulnerability. inet_http_server is not 
enabled by
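Review bot: the unchanged NOTE under CVE-2019-12105 spells the word "Disupted" while the description line now carries "** DISPUTED **"; correct it to "Disputed" in the same pass so a text search for the dispute status matches both lines. The "- supervisor <unfixed> (unimportant)" line is consistent with the disputed status and needs no change.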
@@ -28105,36 +28113,36 @@ CVE-2019-6842
        RESERVED
 CVE-2019-6841
        RESERVED
-CVE-2019-6840
-       RESERVED
-CVE-2019-6839
-       RESERVED
-CVE-2019-6838
-       RESERVED
-CVE-2019-6837
-       RESERVED
-CVE-2019-6836
-       RESERVED
-CVE-2019-6835
-       RESERVED
+CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion 
Server (MEG6 ...)
+       TODO: check
+CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in 
U.motion S ...)
+       TODO: check
+CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in 
U.motion S ...)
+       TODO: check
+CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability 
exists in  ...)
+       TODO: check
+CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in 
U.motion S ...)
+       TODO: check
+CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in 
U.motion S ...)
+       TODO: check
 CVE-2019-6834
        RESERVED
-CVE-2019-6833
-       RESERVED
-CVE-2019-6832
-       RESERVED
-CVE-2019-6831
-       RESERVED
-CVE-2019-6830
-       RESERVED
-CVE-2019-6829
-       RESERVED
-CVE-2019-6828
-       RESERVED
+CVE-2019-6833 (A CWE-754 &#8211; Improper Check for Unusual or Exceptional 
Conditions ...)
+       TODO: check
+CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk 
(all versi ...)
+       TODO: check
+CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+       TODO: check
+CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon 
M580 all ...)
+       TODO: check
+CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon 
M580 (fi ...)
+       TODO: check
+CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580 
(firmw ...)
+       TODO: check
 CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in 
Interactive Gra ...)
        NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
-CVE-2019-6826
-       RESERVED
+CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in 
SoMachine HVA ...)
+       TODO: check
 CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability 
exists in Pr ...)
        NOT-FOR-US: ProClima
 CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all 
version ...)
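Review bot: the CVE-2019-6833 description contains the raw HTML entity "&#8211;" where the other descriptions in this hunk put a plain colon after the CWE id (compare CVE-2019-6831, "A CWE-754: Improper Check ..."), which suggests the imported description text is not entity-decoded. Decode entities at import so the literal sequence does not end up in the list. Separately, all thirteen descriptions added here are left at "TODO: check" while the described neighbours CVE-2019-6827 and CVE-2019-6825 are already tagged NOT-FOR-US.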
@@ -28159,16 +28167,16 @@ CVE-2019-6815 (In Modicon Quantum all firmware 
versions, CWE-264: Permissions, P
        NOT-FOR-US: Schneider Electric
 CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the 
NET55X ...)
        NOT-FOR-US: Schneider Electric
-CVE-2019-6813
-       RESERVED
+CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
+       TODO: check
 CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in 
BMX-NOR ...)
        NOT-FOR-US: Schneider Electric
-CVE-2019-6811
-       RESERVED
-CVE-2019-6810
-       RESERVED
-CVE-2019-6809
-       RESERVED
+CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions 
(CWE-754) vuln ...)
+       TODO: check
+CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in 
BMXNOR0200H E ...)
+       TODO: check
+CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon 
M580 (fi ...)
+       TODO: check
 CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all 
version ...)
        NOT-FOR-US: Schneider Electric
 CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
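Review bot: CVE-2019-6810 names BMXNOR0200H and is left at "TODO: check", while the adjacent CVE-2019-6812 entry for BMX-NOR is already tagged "NOT-FOR-US: Schneider Electric"; if both refer to the same product line, give CVE-2019-6810 the same tag rather than leaving it open. CVE-2019-6813, CVE-2019-6811 and CVE-2019-6809 sit between entries carrying that tag and need the same decision.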
@@ -77665,8 +77673,8 @@ CVE-2018-7822 (An Incorrect Default Permissions 
(CWE-276) vulnerability exists i
        NOT-FOR-US: Schneider Electric
 CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, 
all ve ...)
        NOT-FOR-US: Schneider Electric
-CVE-2018-7820
-       RESERVED
+CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the 
APC UPS N ...)
+       TODO: check
 CVE-2018-7819
        RESERVED
 CVE-2018-7818



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b98f18fa1114a48008641ebf011b8c21adad8ca
