[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 18 Mar 2024 01:18:15 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
71b05686 by security tracker role at 2024-03-18T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and 
classified as  ...)
+       TODO: check
+CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task 
Managem ...)
+       TODO: check
+CVE-2024-2576 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2024-2575 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2024-2574 (A vulnerability classified as critical was found in 
SourceCodester Emp ...)
+       TODO: check
+CVE-2024-2573 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2024-2572 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+       TODO: check
+CVE-2024-2571 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+       TODO: check
+CVE-2024-2570 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+       TODO: check
+CVE-2024-2569 (A vulnerability was found in SourceCodester Employee Task 
Management S ...)
+       TODO: check
+CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and 
classifi ...)
+       TODO: check
+CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
+       TODO: check
+CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is 
used, th ...)
+       TODO: check
+CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows 
installer/client/gui/static ...)
+       TODO: check
+CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, 
which doe ...)
+       TODO: check
+CVE-2024-28745 (Improper export of Android application components issue exists 
in 'ABE ...)
+       TODO: check
+CVE-2024-28128 (Cross-site scripting vulnerability exists in FitNesse releases 
prior t ...)
+       TODO: check
+CVE-2024-28125 (FitNesse all releases allows a remote authenticated attacker 
to execut ...)
+       TODO: check
+CVE-2024-27974 (Cross-site request forgery vulnerability in FUJIFILM printers 
which im ...)
+       TODO: check
+CVE-2024-27757 (flusity CMS through 2.45 allows tools/addons_model.php Gallery 
Name XS ...)
+       TODO: check
+CVE-2024-24539 (FusionPBX before 5.2.0 does not validate a session.)
+       TODO: check
+CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection 
(SSTI) vul ...)
+       TODO: check
+CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all 
releases, wh ...)
+       TODO: check
+CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review 
version 1. ...)
+       TODO: check
+CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk 
DWG TrueVi ...)
+       TODO: check
+CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers 
and scan ...)
+       TODO: check
+CVE-2024-21824 (Improper authentication vulnerability in exists in multiple 
printers a ...)
+       TODO: check
+CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 
through 1.x ...)
+       TODO: check
+CVE-2023-40747 (Directory traversal vulnerability exists in A.K.I Software's 
PMailServ ...)
+       TODO: check
+CVE-2023-40160 (Directory traversal vulnerability exists in Mailing List 
Search CGI (p ...)
+       TODO: check
+CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast 
Mail CGI ( ...)
+       TODO: check
+CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs 
included in A ...)
+       TODO: check
+CVE-2021-47157 (The Kossy module before 0.60 for Perl allows JSON hijacking 
because of ...)
+       TODO: check
+CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not 
properl ...)
+       TODO: check
+CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly 
consider extr ...)
+       TODO: check
+CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not 
properly cons ...)
+       TODO: check
+CVE-2018-25099 (In the CryptX module before 0.062 for Perl, 
gcm_decrypt_verify() and c ...)
+       TODO: check
 CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication 
Command and  ...)
        NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform
 CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It 
has be ...)
@@ -6309,29 +6383,29 @@ CVE-2024-25124 (Fiber is a web framework written in go. 
Prior to version 2.52.1,
        NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion 
platform  ...)
        NOT-FOR-US: Discourse plugin
-CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll 
parsed thr ...)
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when 
parsed  ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed 
through Aut ...)
+CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed 
through  ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed 
through  ...)
+CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when 
parsed throu ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through 
Autodesk Au ...)
+CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through 
Autodesk ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed 
through  ...)
+CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed 
through ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when 
parsed thr ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dllw ...)
+CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or 
ASMDATAX228A.dll  ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in 
ODXSW_DLL.dllwhen par ...)
+CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll 
when pa ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in 
opennurbs.dll w ...)
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in 
opennurbs.dll  ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed 
VCRUNTIM ...)
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in 
VCRUNTIME140.dll ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll 
through Auto ...)
+CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed 
through A ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll 
through Au ...)
        NOT-FOR-US: Autodesk
@@ -85096,10 +85170,10 @@ CVE-2022-47039
        RESERVED
 CVE-2022-47038
        RESERVED
-CVE-2022-47037
-       RESERVED
-CVE-2022-47036
-       RESERVED
+CVE-2022-47037 (Siklu TG Terragraph devices before 2.1.1 allow attackers to 
discover v ...)
+       TODO: check
+CVE-2022-47036 (Siklu TG Terragraph devices before approximately 2.1.1 have a 
hardcode ...)
+       TODO: check
 CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 
v1.33.0.44ebdd4-embedd ...)
        NOT-FOR-US: D-Link
 CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of 
PlaySMS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71b056860e5ecccfd6651a4b01f4f90f9e72301d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71b056860e5ecccfd6651a4b01f4f90f9e72301d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to