Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bb2a4de6 by security tracker role at 2024-02-15T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows 
a remote ...)
+       TODO: check
+CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2024-23113 (A use of externally-controlled format string in Fortinet 
FortiOS versi ...)
+       TODO: check
+CVE-2024-20750 (Substance3D - Designer versions 13.1.0 and earlier are 
affected by an  ...)
+       TODO: check
+CVE-2024-20749 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20748 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20747 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20744 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20743 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20742 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20741 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by a Wri ...)
+       TODO: check
+CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a 
Heap-ba ...)
+       TODO: check
+CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by 
an Improp ...)
+       TODO: check
+CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20735 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20734 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20733 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20731 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20730 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20729 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20728 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20727 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20726 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier 
are aff ...)
+       TODO: check
+CVE-2024-20725 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20724 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20723 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by a Buf ...)
+       TODO: check
+CVE-2024-20722 (Substance3D - Painter versions 9.1.1 and earlier are affected 
by an ou ...)
+       TODO: check
+CVE-2024-20720 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and 
earlier are a ...)
+       TODO: check
+CVE-2024-20719 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and 
earlier are a ...)
+       TODO: check
+CVE-2024-20718 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and 
earlier are a ...)
+       TODO: check
+CVE-2024-20717 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and 
earlier are a ...)
+       TODO: check
+CVE-2024-20716 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and 
earlier are a ...)
+       TODO: check
+CVE-2024-1530 (A vulnerability, which was classified as critical, has been 
found in E ...)
+       TODO: check
+CVE-2024-0390 (INPRAX "iZZi connect" application on Android contains 
hard-coded MQTT  ...)
+       TODO: check
+CVE-2023-7081 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-6255 (Use of Hard-coded Credentials vulnerability in Utarit 
Information Tech ...)
+       TODO: check
+CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit 
Information Tech ...)
+       TODO: check
+CVE-2023-4539 (Use of a hard-coded password for a special database account 
created du ...)
+       TODO: check
+CVE-2023-4538 (The database access credentials configured during installation 
are sto ...)
+       TODO: check
+CVE-2023-4537 (Comarch ERP XL client is vulnerable to MS SQL protocol 
downgrade reque ...)
+       TODO: check
+CVE-2023-47537 (An improper certificate validation vulnerability in Fortinet 
FortiOS 7 ...)
+       TODO: check
+CVE-2023-45581 (An improper privilege management vulnerability [CWE-269] in 
Fortinet F ...)
+       TODO: check
+CVE-2023-44253 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
+CVE-2023-39245 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 
10.0, c ...)
+       TODO: check
+CVE-2023-39244 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 
10.0, c ...)
+       TODO: check
+CVE-2023-32484 (Dell Networking Switches running Enterprise SONiC versions 
4.1.0, 4.0. ...)
+       TODO: check
+CVE-2023-32462 (Dell OS10 Networking Switches running 10.5.2.x and above 
contain an OS ...)
+       TODO: check
 CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter 
does not p ...)
        NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly 
controlled ...)
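Review bot: every entry added at the top of this hunk is left at `TODO: check`, with no package line and no NOT-FOR-US marker, so none of them is triaged yet. Several name vendors that unchanged context lines elsewhere in this diff already classify as NOT-FOR-US (Fortinet, Dell), so CVE-2024-23113, CVE-2023-47537, CVE-2023-45581, CVE-2023-39245, CVE-2023-39244, CVE-2023-32484 and CVE-2023-32462 are candidates for that marking in a follow-up, written the same way as the `NOT-FOR-US: EBM Technologies RISWEB` line just above. The remaining entries need checking against Debian source packages before the TODO is dropped.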
@@ -722,7 +820,7 @@ CVE-2023-6516 (To keep its cache database efficient, 
`named` running as a recurs
        NOTE: https://kb.isc.org/docs/cve-2023-6516
        NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y 
series
        NOTE: which entered unstable as the fixed version as workaround.
-CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and 
related RF ...)
+CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 
4035, 6 ...)
        {DSA-5621-1 DSA-5620-1}
        - bind9 1:9.19.21-1
        - dnsmasq 2.90-1
@@ -3127,7 +3225,7 @@ CVE-2023-5390 (An attacker could potentially exploit this 
vulnerability, leading
        NOT-FOR-US: Honeywell
 CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 
ASP webs ...)
        NOT-FOR-US: AREAL SAS Websrv1 ASP website
-CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are 
vulnerable to a ...)
+CVE-2023-50356 (SSL connections to some LDAP servers are vulnerable to a 
man-in-the-mi ...)
        NOT-FOR-US: AREAL Topkapi Vision (Server)
 CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue 
with an  ...)
        NOT-FOR-US: Pega Platform
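Review bot: the reworded description on CVE-2023-50356 no longer names the LDAP servers involved ("some LDAP servers" instead of "NOVELL and Synology LDAP server"), while the `NOT-FOR-US: AREAL Topkapi Vision (Server)` line under it is unchanged. Confirm that the classification still matches the broader wording, that is, that the flaw sits in the AREAL product's handling of the SSL connection and not in an LDAP implementation that might be packaged.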
@@ -9932,7 +10030,7 @@ CVE-2023-50730 (Grackle is a GraphQL server written in 
functional Scala, built o
        NOT-FOR-US: Grackle
 CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background 
jobs, pl ...)
        NOT-FOR-US: Resque
-CVE-2023-6937
+CVE-2023-6937 (wolfSSL prior to 5.6.6 did not check that messages in one 
(D)TLS recor ...)
        [experimental] - wolfssl 5.6.6-1
        - wolfssl 5.6.6-1.2 (bug #1059357)
        [bookworm] - wolfssl <no-dsa> (Minor issue)
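Review bot: CVE-2023-6937 now has a description, but the `[bookworm] - wolfssl <no-dsa> (Minor issue)` line was written while the entry had none. Recheck that the "Minor issue" rationale still holds against the published text about unchecked messages in a (D)TLS record, and add a NOTE with the upstream reference if the entry does not already carry one below the visible context.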
@@ -54366,8 +54464,8 @@ CVE-2023-28080 (PowerPath for Windows, versions 7.0, 
7.1 & 7.2 contains DLL Hija
        NOT-FOR-US: PowerPath
 CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains 
Insecure File  ...)
        NOT-FOR-US: PowerPath
-CVE-2023-28078
-       RESERVED
+CVE-2023-28078 (Dell OS10 Networking Switches running 10.5.2.x and above 
contain a vul ...)
+       TODO: check
 CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 
7.1 cont ...)
        NOT-FOR-US: Dell
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or 
risky crypt ...)
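Review bot: CVE-2023-28078 moves from RESERVED to `TODO: check`, yet its description names Dell OS10 Networking Switches and the neighbouring entry CVE-2023-28077 is already marked `NOT-FOR-US: Dell`. Resolve the TODO in a follow-up with the matching NOT-FOR-US line so the entry does not sit in the triage queue.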
@@ -59672,8 +59770,8 @@ CVE-2023-26208 (A improper restriction of excessive 
authentication attempts vuln
        NOT-FOR-US: FortiGuard
 CVE-2023-26207 (An insertion of sensitive information into log file 
vulnerability in F ...)
        NOT-FOR-US: Fortinet
-CVE-2023-26206
-       RESERVED
+CVE-2023-26206 (An improper neutralization of input during web page generation 
('cross ...)
+       TODO: check
 CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC 
automati ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in 
FortiSIEM ...)
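Review bot: the truncated description added for CVE-2023-26206 does not show a product name, so the `TODO: check` cannot be resolved from this line alone; look up the full description before classifying. When it is classified, note that the surrounding entries use two labels for what looks like the same vendor (`NOT-FOR-US: FortiGuard` on CVE-2023-26208 and CVE-2023-26205, `NOT-FOR-US: Fortinet` on CVE-2023-26207); pick one and use it consistently.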



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2a4de69b14481503a87c000be76a650b294e76



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits