[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 15 20:12:25 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb2a4de6 by security tracker role at 2024-02-15T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...)
+	TODO: check
+CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow ...)
+	TODO: check
+CVE-2024-23113 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
+	TODO: check
+CVE-2024-20750 (Substance3D - Designer versions 13.1.0 and earlier are affected by an  ...)
+	TODO: check
+CVE-2024-20749 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20748 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20747 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20744 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20743 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20742 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20741 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Wri ...)
+	TODO: check
+CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-ba ...)
+	TODO: check
+CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by an Improp ...)
+	TODO: check
+CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20735 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20734 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20733 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20731 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20730 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20729 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20728 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20727 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20726 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+	TODO: check
+CVE-2024-20725 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20724 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20723 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Buf ...)
+	TODO: check
+CVE-2024-20722 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+	TODO: check
+CVE-2024-20720 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+	TODO: check
+CVE-2024-20719 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+	TODO: check
+CVE-2024-20718 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+	TODO: check
+CVE-2024-20717 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+	TODO: check
+CVE-2024-20716 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+	TODO: check
+CVE-2024-1530 (A vulnerability, which was classified as critical, has been found in E ...)
+	TODO: check
+CVE-2024-0390 (INPRAX "iZZi connect" application on Android contains hard-coded MQTT  ...)
+	TODO: check
+CVE-2023-7081 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-6255 (Use of Hard-coded Credentials vulnerability in Utarit Information Tech ...)
+	TODO: check
+CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit Information Tech ...)
+	TODO: check
+CVE-2023-4539 (Use of a hard-coded password for a special database account created du ...)
+	TODO: check
+CVE-2023-4538 (The database access credentials configured during installation are sto ...)
+	TODO: check
+CVE-2023-4537 (Comarch ERP XL client is vulnerable to MS SQL protocol downgrade reque ...)
+	TODO: check
+CVE-2023-47537 (An improper certificate validation vulnerability in Fortinet FortiOS 7 ...)
+	TODO: check
+CVE-2023-45581 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+	TODO: check
+CVE-2023-44253 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+	TODO: check
+CVE-2023-39245 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
+	TODO: check
+CVE-2023-39244 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
+	TODO: check
+CVE-2023-32484 (Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0. ...)
+	TODO: check
+CVE-2023-32462 (Dell OS10 Networking Switches running 10.5.2.x and above contain an OS ...)
+	TODO: check
 CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter does not p ...)
 	NOT-FOR-US: EBM Technologies RISWEB
 CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly controlled ...)
@@ -722,7 +820,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
 	NOTE: https://kb.isc.org/docs/cve-2023-6516
 	NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
 	NOTE: which entered unstable as the fixed version as workaround.
-CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RF ...)
+CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
 	{DSA-5621-1 DSA-5620-1}
 	- bind9 1:9.19.21-1
 	- dnsmasq 2.90-1
@@ -3127,7 +3225,7 @@ CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading
 	NOT-FOR-US: Honeywell
 CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...)
 	NOT-FOR-US: AREAL SAS Websrv1 ASP website
-CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are vulnerable to a ...)
+CVE-2023-50356 (SSL connections to some LDAP servers are vulnerable to a man-in-the-mi ...)
 	NOT-FOR-US: AREAL Topkapi Vision (Server)
 CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an  ...)
 	NOT-FOR-US: Pega Platform
@@ -9932,7 +10030,7 @@ CVE-2023-50730 (Grackle is a GraphQL server written in functional Scala, built o
 	NOT-FOR-US: Grackle
 CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
 	NOT-FOR-US: Resque
-CVE-2023-6937
+CVE-2023-6937 (wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS recor ...)
 	[experimental] - wolfssl 5.6.6-1
 	- wolfssl 5.6.6-1.2 (bug #1059357)
 	[bookworm] - wolfssl <no-dsa> (Minor issue)
@@ -54366,8 +54464,8 @@ CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hija
 	NOT-FOR-US: PowerPath
 CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File  ...)
 	NOT-FOR-US: PowerPath
-CVE-2023-28078
-	RESERVED
+CVE-2023-28078 (Dell OS10 Networking Switches running 10.5.2.x and above contain a vul ...)
+	TODO: check
 CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...)
 	NOT-FOR-US: Dell
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
@@ -59672,8 +59770,8 @@ CVE-2023-26208 (A improper restriction of excessive authentication attempts vuln
 	NOT-FOR-US: FortiGuard
 CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
 	NOT-FOR-US: Fortinet
-CVE-2023-26206
-	RESERVED
+CVE-2023-26206 (An improper neutralization of input during web page generation ('cross ...)
+	TODO: check
 CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
 	NOT-FOR-US: FortiGuard
 CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2a4de69b14481503a87c000be76a650b294e76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2a4de69b14481503a87c000be76a650b294e76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240215/798dcb9f/attachment.htm>

More information about the debian-security-tracker-commits mailing list