[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 18 09:10:29 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b98f18f by security tracker role at 2019-09-18T08:10:17Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2019-16398
+ RESERVED
+CVE-2019-16397
+ RESERVED
+CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
+ TODO: check
+CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
+ TODO: check
CVE-2019-16390
RESERVED
CVE-2019-16389
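Review bot: CVE-2019-16396 and CVE-2019-16395 both name GnuCOBOL 2.2 but are recorded with only "TODO: check" and no package line. Both describe memory-safety bugs in named functions (end_scope_of_program_name() and cb_name()), so triage should replace the TODO with a source package status line or a NOT-FOR-US tag, and add a NOTE with the upstream report so the affected version can be verified.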
@@ -72,19 +80,19 @@ CVE-2019-16376
RESERVED
CVE-2019-16375
RESERVED
-CVE-2019-16394
+CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...)
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4171
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
-CVE-2019-16393
+CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...)
- spip 3.2.5-1
NOTE: https://core.spip.net/issues/4362
NOTE: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
-CVE-2019-16392
+CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...)
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
-CVE-2019-16391
+CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...)
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
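Review bot: the four SPIP entries (CVE-2019-16391 through CVE-2019-16394) still carry a single "- spip 3.2.5-1" line, while the descriptions added here say that versions before 3.1.11 are affected as well as 3.2 before 3.2.5. If a supported release ships an older SPIP branch, each entry needs a per-release status line; otherwise a NOTE saying the older branch is not shipped would make the single fixed version unambiguous.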
@@ -611,8 +619,8 @@ CVE-2019-16201
RESERVED
CVE-2019-16200
RESERVED
-CVE-2019-16199
- RESERVED
+CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
+ TODO: check
CVE-2019-16198
RESERVED
CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-A ...)
@@ -13207,7 +13215,7 @@ CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1
- minissdpd 1.5.20190210-1 (bug #929297)
[stretch] - minissdpd 1.2.20130907-4.1+deb9u1
NOTE: https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
-CVE-2019-12105 (In supervisord in Supervisor through 4.0.2, an unauthenticated user ca ...)
+CVE-2019-12105 (** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user ca ...)
- supervisor <unfixed> (unimportant)
NOTE: https://github.com/Supervisor/supervisor/issues/1245
NOTE: Disupted upstream to be vulnerability. inet_http_server is not enabled by
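Review bot: the NOTE under CVE-2019-12105 reads "Disupted upstream to be vulnerability", which is misspelled and now sits directly below a description that carries the "** DISPUTED **" marker. Suggest rewording it to "Disputed upstream as a vulnerability" while the entry is being touched; the "<unfixed> (unimportant)" status already matches the dispute.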
@@ -28105,36 +28113,36 @@ CVE-2019-6842
RESERVED
CVE-2019-6841
RESERVED
-CVE-2019-6840
- RESERVED
-CVE-2019-6839
- RESERVED
-CVE-2019-6838
- RESERVED
-CVE-2019-6837
- RESERVED
-CVE-2019-6836
- RESERVED
-CVE-2019-6835
- RESERVED
+CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
+ TODO: check
+CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+ TODO: check
+CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+ TODO: check
+CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...)
+ TODO: check
+CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+ TODO: check
+CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
+ TODO: check
CVE-2019-6834
RESERVED
-CVE-2019-6833
- RESERVED
-CVE-2019-6832
- RESERVED
-CVE-2019-6831
- RESERVED
-CVE-2019-6830
- RESERVED
-CVE-2019-6829
- RESERVED
-CVE-2019-6828
- RESERVED
+CVE-2019-6833 (A CWE-754 – Improper Check for Unusual or Exceptional Conditions ...)
+ TODO: check
+CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...)
+ TODO: check
+CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all ...)
+ TODO: check
+CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
+ TODO: check
+CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmw ...)
+ TODO: check
CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Gra ...)
NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
-CVE-2019-6826
- RESERVED
+CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVA ...)
+ TODO: check
CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
NOT-FOR-US: ProClima
CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all version ...)
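Review bot: thirteen entries in this range (CVE-2019-6826, CVE-2019-6828 through CVE-2019-6833, CVE-2019-6835 through CVE-2019-6840) move from RESERVED to "TODO: check", while the neighbouring CVE-2019-6827 and CVE-2019-6825 are already tagged NOT-FOR-US. The new descriptions name U.motion Server, spaceLYnk, Modicon M580 and SoMachine; if none of these is packaged, triage them in one follow-up commit with a NOT-FOR-US tag so the TODO backlog does not hide entries that need real analysis.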
@@ -28159,16 +28167,16 @@ CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, P
NOT-FOR-US: Schneider Electric
CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
NOT-FOR-US: Schneider Electric
-CVE-2019-6813
- RESERVED
+CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR ...)
NOT-FOR-US: Schneider Electric
-CVE-2019-6811
- RESERVED
-CVE-2019-6810
- RESERVED
-CVE-2019-6809
- RESERVED
+CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions (CWE-754) vuln ...)
+ TODO: check
+CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H E ...)
+ TODO: check
+CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
+ TODO: check
CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
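Review bot: CVE-2019-6813, CVE-2019-6811, CVE-2019-6810 and CVE-2019-6809 are left at "TODO: check" although every surrounding entry (CVE-2019-6814, CVE-2019-6812, CVE-2019-6808) is tagged "NOT-FOR-US: Schneider Electric". The new descriptions name Modicon M580 and BMXNOR0200H, and the adjacent CVE-2019-6812 concerns BMX-NOR, so these look like candidates for the same tag; confirm the vendor and apply it consistently.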
@@ -77665,8 +77673,8 @@ CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists i
NOT-FOR-US: Schneider Electric
CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, all ve ...)
NOT-FOR-US: Schneider Electric
-CVE-2018-7820
- RESERVED
+CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the APC UPS N ...)
+ TODO: check
CVE-2018-7819
RESERVED
CVE-2018-7818
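Review bot: CVE-2018-7820 (APC UPS, Credentials Management CWE-255) is set to "TODO: check" in the middle of a run where CVE-2018-7822 and CVE-2018-7821 are tagged "NOT-FOR-US: Schneider Electric". Confirm whether this product falls under the same tag and resolve the TODO accordingly, since it is a 2018 identifier that has only now received a description.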
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8b98f18fa1114a48008641ebf011b8c21adad8ca