[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 15 20:12:25 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb2a4de6 by security tracker role at 2024-02-15T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-25502 (Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote ...)
+ TODO: check
+CVE-2024-25373 (Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow ...)
+ TODO: check
+CVE-2024-23113 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
+ TODO: check
+CVE-2024-20750 (Substance3D - Designer versions 13.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2024-20749 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20748 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20747 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20744 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20743 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20742 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20741 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Wri ...)
+ TODO: check
+CVE-2024-20740 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20739 (Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-ba ...)
+ TODO: check
+CVE-2024-20738 (Adobe Framemaker versions 2022.1 and earlier are affected by an Improp ...)
+ TODO: check
+CVE-2024-20736 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20735 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20734 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20733 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20731 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20730 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20729 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20728 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20727 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20726 (Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are aff ...)
+ TODO: check
+CVE-2024-20725 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20724 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20723 (Substance3D - Painter versions 9.1.1 and earlier are affected by a Buf ...)
+ TODO: check
+CVE-2024-20722 (Substance3D - Painter versions 9.1.1 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2024-20720 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+ TODO: check
+CVE-2024-20719 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+ TODO: check
+CVE-2024-20718 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+ TODO: check
+CVE-2024-20717 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+ TODO: check
+CVE-2024-20716 (Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are a ...)
+ TODO: check
+CVE-2024-1530 (A vulnerability, which was classified as critical, has been found in E ...)
+ TODO: check
+CVE-2024-0390 (INPRAX "iZZi connect" application on Android contains hard-coded MQTT ...)
+ TODO: check
+CVE-2023-7081 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-6255 (Use of Hard-coded Credentials vulnerability in Utarit Information Tech ...)
+ TODO: check
+CVE-2023-5155 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4993 (Improper Privilege Management vulnerability in Utarit Information Tech ...)
+ TODO: check
+CVE-2023-4539 (Use of a hard-coded password for a special database account created du ...)
+ TODO: check
+CVE-2023-4538 (The database access credentials configured during installation are sto ...)
+ TODO: check
+CVE-2023-4537 (Comarch ERP XL client is vulnerable to MS SQL protocol downgrade reque ...)
+ TODO: check
+CVE-2023-47537 (An improper certificate validation vulnerability in Fortinet FortiOS 7 ...)
+ TODO: check
+CVE-2023-45581 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+ TODO: check
+CVE-2023-44253 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ TODO: check
+CVE-2023-39245 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
+ TODO: check
+CVE-2023-39244 (DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, c ...)
+ TODO: check
+CVE-2023-32484 (Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0. ...)
+ TODO: check
+CVE-2023-32462 (Dell OS10 Networking Switches running 10.5.2.x and above contain an OS ...)
+ TODO: check
CVE-2024-26264 (EBM Technologies RISWEB's specific query function parameter does not p ...)
NOT-FOR-US: EBM Technologies RISWEB
CVE-2024-26263 (EBM Technologies RISWEB's specific URL path is not properly controlled ...)
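Review bot: all 49 entries added at the top of data/CVE/list carry only `TODO: check`, so none of them is triaged yet, and several can be resolved with the convention this file already uses. The Fortinet FortiOS entries (CVE-2024-23113, CVE-2023-47537) and the Dell entries (CVE-2023-39245, CVE-2023-39244, CVE-2023-32484, CVE-2023-32462) name vendors that other entries in this list tag as `NOT-FOR-US: Fortinet` and `NOT-FOR-US: Dell`, in the same form as the `NOT-FOR-US: EBM Technologies RISWEB` line directly below the new block. For entries whose visible description is cut off before the product name (for example CVE-2023-44253 and CVE-2024-1530), the follow-up commit should read the full record before choosing a tag.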
@@ -722,7 +820,7 @@ CVE-2023-6516 (To keep its cache database efficient, `named` running as a recurs
NOTE: https://kb.isc.org/docs/cve-2023-6516
NOTE: Issue is specific to 9.16.y. Mark the first version from 9.17.y series
NOTE: which entered unstable as the fixed version as workaround.
-CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4035 and related RF ...)
+CVE-2023-50387 (Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...)
{DSA-5621-1 DSA-5620-1}
- bind9 1:9.19.21-1
- dnsmasq 2.90-1
@@ -3127,7 +3225,7 @@ CVE-2023-5390 (An attacker could potentially exploit this vulnerability, leading
NOT-FOR-US: Honeywell
CVE-2023-50357 (A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP webs ...)
NOT-FOR-US: AREAL SAS Websrv1 ASP website
-CVE-2023-50356 (SSL connections to NOVELL and Synology LDAP server are vulnerable to a ...)
+CVE-2023-50356 (SSL connections to some LDAP servers are vulnerable to a man-in-the-mi ...)
NOT-FOR-US: AREAL Topkapi Vision (Server)
CVE-2023-50166 (Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an ...)
NOT-FOR-US: Pega Platform
@@ -9932,7 +10030,7 @@ CVE-2023-50730 (Grackle is a GraphQL server written in functional Scala, built o
NOT-FOR-US: Grackle
CVE-2023-50727 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
NOT-FOR-US: Resque
-CVE-2023-6937
+CVE-2023-6937 (wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS recor ...)
[experimental] - wolfssl 5.6.6-1
- wolfssl 5.6.6-1.2 (bug #1059357)
[bookworm] - wolfssl <no-dsa> (Minor issue)
@@ -54366,8 +54464,8 @@ CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hija
NOT-FOR-US: PowerPath
CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File ...)
NOT-FOR-US: PowerPath
-CVE-2023-28078
- RESERVED
+CVE-2023-28078 (Dell OS10 Networking Switches running 10.5.2.x and above contain a vul ...)
+ TODO: check
CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...)
NOT-FOR-US: Dell
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
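Review bot: the `TODO: check` that replaces `RESERVED` under CVE-2023-28078 leaves a Dell OS10 Networking Switches entry open between neighbours that are already closed as `NOT-FOR-US: PowerPath` and `NOT-FOR-US: Dell`. The first hunk adds CVE-2023-32462 with the same product string and the same `TODO: check`, so both are best triaged together with one consistent tag rather than separately.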
@@ -59672,8 +59770,8 @@ CVE-2023-26208 (A improper restriction of excessive authentication attempts vuln
NOT-FOR-US: FortiGuard
CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
NOT-FOR-US: Fortinet
-CVE-2023-26206
- RESERVED
+CVE-2023-26206 (An improper neutralization of input during web page generation ('cross ...)
+ TODO: check
CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...)
NOT-FOR-US: FortiGuard
CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
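Review bot: the new description for CVE-2023-26206 is truncated at "('cross ..." before any product is named, so the `TODO: check` cannot be resolved from this line alone. The surrounding entries are tagged `NOT-FOR-US: Fortinet` and `NOT-FOR-US: FortiGuard`, and the file uses both spellings for what looks like the same vendor range; when this entry is triaged, confirm the product from the full description and pick the tag deliberately instead of copying whichever neighbour is closest.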
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb2a4de69b14481503a87c000be76a650b294e76