[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 18 08:12:28 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71b05686 by security tracker role at 2024-03-18T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2024-2581 (A vulnerability was found in Tenda AC10 16.03.10.13 and classified as  ...)
+	TODO: check
+CVE-2024-2577 (A vulnerability has been found in SourceCodester Employee Task Managem ...)
+	TODO: check
+CVE-2024-2576 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2024-2575 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-2574 (A vulnerability classified as critical was found in SourceCodester Emp ...)
+	TODO: check
+CVE-2024-2573 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-2572 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+	TODO: check
+CVE-2024-2571 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+	TODO: check
+CVE-2024-2570 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+	TODO: check
+CVE-2024-2569 (A vulnerability was found in SourceCodester Employee Task Management S ...)
+	TODO: check
+CVE-2024-2568 (A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classifi ...)
+	TODO: check
+CVE-2024-2567 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
+	TODO: check
+CVE-2024-29156 (In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, th ...)
+	TODO: check
+CVE-2024-29154 (danielmiessler fabric through 1.3.0 allows installer/client/gui/static ...)
+	TODO: check
+CVE-2024-29151 (Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which doe ...)
+	TODO: check
+CVE-2024-28745 (Improper export of Android application components issue exists in 'ABE ...)
+	TODO: check
+CVE-2024-28128 (Cross-site scripting vulnerability exists in FitNesse releases prior t ...)
+	TODO: check
+CVE-2024-28125 (FitNesse all releases allows a remote authenticated attacker to execut ...)
+	TODO: check
+CVE-2024-27974 (Cross-site request forgery vulnerability in FUJIFILM printers which im ...)
+	TODO: check
+CVE-2024-27757 (flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XS ...)
+	TODO: check
+CVE-2024-24539 (FusionPBX before 5.2.0 does not validate a session.)
+	TODO: check
+CVE-2024-24230 (Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vul ...)
+	TODO: check
+CVE-2024-23604 (Cross-site scripting vulnerability exists in FitNesse all releases, wh ...)
+	TODO: check
+CVE-2024-23139 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1. ...)
+	TODO: check
+CVE-2024-23138 (A maliciously crafted DWG file when parsed through Autodesk DWG TrueVi ...)
+	TODO: check
+CVE-2024-22475 (Cross-site request forgery vulnerability in multiple printers and scan ...)
+	TODO: check
+CVE-2024-21824 (Improper authentication vulnerability in exists in multiple printers a ...)
+	TODO: check
+CVE-2023-52159 (A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x ...)
+	TODO: check
+CVE-2023-40747 (Directory traversal vulnerability exists in A.K.I Software's PMailServ ...)
+	TODO: check
+CVE-2023-40160 (Directory traversal vulnerability exists in Mailing List Search CGI (p ...)
+	TODO: check
+CVE-2023-39933 (Insufficient verification vulnerability exists in Broadcast Mail CGI ( ...)
+	TODO: check
+CVE-2023-39223 (Stored cross-site scripting vulnerability exists in CGIs included in A ...)
+	TODO: check
+CVE-2021-47157 (The Kossy module before 0.60 for Perl allows JSON hijacking because of ...)
+	TODO: check
+CVE-2021-47156 (The Net::IPAddress::Util module before 5.000 for Perl does not properl ...)
+	TODO: check
+CVE-2021-47155 (The Net::IPV4Addr module 0.10 for Perl does not properly consider extr ...)
+	TODO: check
+CVE-2021-47154 (The Net::CIDR::Lite module before 0.22 for Perl does not properly cons ...)
+	TODO: check
+CVE-2018-25099 (In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and c ...)
+	TODO: check
 CVE-2024-2566 (A vulnerability was found in Fujian Kelixin Communication Command and  ...)
 	NOT-FOR-US: Fujian Kelixin Communication Command and Dispatch Platform
 CVE-2024-2565 (A vulnerability was found in PandaXGO PandaX up to 20240310. It has be ...)
@@ -6309,29 +6383,29 @@ CVE-2024-25124 (Fiber is a web framework written in go. Prior to version 2.52.1,
 	NOT-FOR-US: Fiber
 CVE-2024-23654 (discourse-ai is the AI plugin for the open-source discussion platform  ...)
 	NOT-FOR-US: Discourse plugin
-CVE-2024-23137 (A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll parsed thr ...)
+CVE-2024-23137 (A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed  ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23136 (A maliciously crafted STP file when ASMKERN228A.dll parsed through Aut ...)
+CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed through  ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23135 (A maliciously crafted SLDPRT file when ASMkern228A.dll parsed through  ...)
+CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed throu ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23134 (A maliciously crafted IGS file when tbb.dll parsed through Autodesk Au ...)
+CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through Autodesk ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23133 (A maliciously crafted STP file inASMDATAX228A.dll when parsed through  ...)
+CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed through ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23132 (A maliciously crafted STP file in atf_dwg_consumer.dll when parsed thr ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dllw ...)
+CVE-2024-23131 (A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll  ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dllwhen par ...)
+CVE-2024-23130 (A maliciously crafted SLDASM, or SLDPRT files in ODXSW_DLL.dll when pa ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASMfiles in opennurbs.dll w ...)
+CVE-2024-23129 (A maliciously crafted MODEL 3DM, STP or SLDASM files in opennurbs.dll  ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23128 (A maliciously crafted MODEL file in libodxdll.dll when parsed through  ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23127 (A maliciously crafted MODEL, SLDPRTor SLDASM file when parsed VCRUNTIM ...)
+CVE-2024-23127 (A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23126 (A maliciously crafted CATPART file when parsed CC5Dll.dll through Auto ...)
+CVE-2024-23126 (A maliciously crafted CATPART file in CC5Dll.dll when parsed through A ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23125 (A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Au ...)
 	NOT-FOR-US: Autodesk
@@ -85096,10 +85170,10 @@ CVE-2022-47039
 	RESERVED
 CVE-2022-47038
 	RESERVED
-CVE-2022-47037
-	RESERVED
-CVE-2022-47036
-	RESERVED
+CVE-2022-47037 (Siklu TG Terragraph devices before 2.1.1 allow attackers to discover v ...)
+	TODO: check
+CVE-2022-47036 (Siklu TG Terragraph devices before approximately 2.1.1 have a hardcode ...)
+	TODO: check
 CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
 	NOT-FOR-US: D-Link
 CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of PlaySMS ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71b056860e5ecccfd6651a4b01f4f90f9e72301d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71b056860e5ecccfd6651a4b01f4f90f9e72301d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240318/e80246ef/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list