[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 15 21:10:40 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18a375ea by security tracker role at 2019-10-15T20:10:29Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrat ...)
+	TODO: check
+CVE-2019-17599
+	RESERVED
+CVE-2019-17598
+	RESERVED
+CVE-2019-17597
+	RESERVED
+CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input  ...)
+	TODO: check
 CVE-2019-17596
 	RESERVED
 CVE-2019-17595 (There is a heap-based buffer over-read in the fmt_entry function in ti ...)
@@ -632,8 +642,8 @@ CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows p
 	NOT-FOR-US: Shack Forms Pro extension for Joomla!
 CVE-2019-17398
 	RESERVED
-CVE-2019-17397
-	RESERVED
+CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the username a ...)
+	TODO: check
 CVE-2019-17396
 	RESERVED
 CVE-2019-17395
@@ -984,8 +994,8 @@ CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full N
 	NOT-FOR-US: Subrion CMS
 CVE-2019-17224
 	RESERVED
-CVE-2019-17223
-	RESERVED
+CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...)
+	TODO: check
 CVE-2019-17222
 	RESERVED
 CVE-2019-17221
@@ -1042,8 +1052,8 @@ CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demogra
 	NOT-FOR-US: OpenEMR
 CVE-2019-17196
 	RESERVED
-CVE-2019-17195
-	RESERVED
+CVE-2019-17195 (Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exce ...)
+	TODO: check
 CVE-2019-17194
 	RESERVED
 CVE-2019-17193
@@ -7731,8 +7741,7 @@ CVE-2019-14834
 	RESERVED
 CVE-2019-14833
 	RESERVED
-CVE-2019-14832
-	RESERVED
+CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...)
 	NOT-FOR-US: Keycloak
 CVE-2019-14831
 	RESERVED
@@ -14317,8 +14326,8 @@ CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.a
 	NOT-FOR-US: Elcom CMS
 CVE-2019-12945
 	REJECTED
-CVE-2019-12944
-	RESERVED
+CVE-2019-12944 (Glue Smart Lock 2.7.8 devices do not properly block guest access in ce ...)
+	TODO: check
 CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...)
 	NOT-FOR-US: TTLock devices
 CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
@@ -20181,10 +20190,10 @@ CVE-2019-10762
 	RESERVED
 CVE-2019-10761
 	RESERVED
-CVE-2019-10760
-	RESERVED
-CVE-2019-10759
-	RESERVED
+CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A  ...)
+	TODO: check
+CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A  ...)
+	TODO: check
 CVE-2019-10758
 	RESERVED
 CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a375eaf8b43f40305a2fe3803f5df17a629c2d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18a375eaf8b43f40305a2fe3803f5df17a629c2d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191015/a2952bef/attachment.html>

More information about the debian-security-tracker-commits mailing list