[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
716a4bc2 by security tracker role at 2019-07-16T08:10:12Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
+	TODO: check
+CVE-2019-13610
+	RESERVED
+CVE-2019-13609
+	RESERVED
+CVE-2019-13608
+	RESERVED
 CVE-2014-1200
 	RESERVED
 CVE-2014-1199
@@ -19100,18 +19108,18 @@ CVE-2019-6829
 	RESERVED
 CVE-2019-6828
 	RESERVED
-CVE-2019-6827
-	RESERVED
+CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Gra ...)
+	TODO: check
 CVE-2019-6826
 	RESERVED
-CVE-2019-6825
-	RESERVED
-CVE-2019-6824
-	RESERVED
-CVE-2019-6823
-	RESERVED
-CVE-2019-6822
-	RESERVED
+CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
+	TODO: check
+CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all version ...)
+	TODO: check
+CVE-2019-6823 (A CWE-94: Code Injection vulnerability exists in ProClima (all version ...)
+	TODO: check
+CVE-2019-6822 (A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 a ...)
+	TODO: check
 CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, which coul ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
@@ -37703,8 +37711,8 @@ CVE-2015-9274 (HarfBuzz before 1.0.4 allows remote attackers to cause a denial o
 	NOTE: https://github.com/harfbuzz/harfbuzz/commit/c917965b9e6fe2b21ed6c51559673288fa3af4b7
 CVE-2019-0235
 	RESERVED
-CVE-2019-0234
-	RESERVED
+CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache  ...)
+	TODO: check
 CVE-2019-0233
 	RESERVED
 CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
@@ -68278,8 +68286,8 @@ CVE-2018-7840 (A Uncontrolled Search Path Element (CWE-427) vulnerability exists
 	NOT-FOR-US: Schneider Electric
 CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3 ...)
 	NOT-FOR-US: Schneider
-CVE-2018-7838
-	RESERVED
+CVE-2018-7838 (A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BME ...)
+	TODO: check
 CVE-2018-7837 (An Improper Restriction of XML External Entity Reference ('XXE') vulne ...)
 	NOT-FOR-US: IIoT Monitor (Schneider Electric)
 CVE-2018-7836 (An unrestricted Upload of File with Dangerous Type vulnerability exist ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/716a4bc247cb1d28a51672ea562d1730ed39c5c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/716a4bc247cb1d28a51672ea562d1730ed39c5c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190716/7d7270f0/attachment.html>