[Git][security-tracker-team/security-tracker][master] automatic update

Wed, 05 Jun 2024 01:12:16 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
788bbba2 by security tracker role at 2024-06-05T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,76 @@
-CVE-2024-34055
+CVE-2024-5636 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+       TODO: check
+CVE-2024-5635 (A vulnerability was found in itsourcecode Bakery Online 
Ordering Syste ...)
+       TODO: check
+CVE-2024-5483 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-5453 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
+       TODO: check
+CVE-2024-5439 (The Blocksy theme for WordPress is vulnerable to Reflected 
Cross-Site  ...)
+       TODO: check
+CVE-2024-5317 (The Newsletter plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-5262 (Files or Directories Accessible to External Parties 
vulnerability in s ...)
+       TODO: check
+CVE-2024-5222 (The Responsive Addons \u2013 Starter Templates, Advanced 
Features and  ...)
+       TODO: check
+CVE-2024-5149 (The BuddyForms plugin for WordPress is vulnerable to Email 
Verificatio ...)
+       TODO: check
+CVE-2024-5006 (The Boostify Header Footer Builder for Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-4939 (The Weaver Xtreme Theme Support plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-4886 (The  contains an IDOR vulnerability that allows a user to 
comment on a ...)
+       TODO: check
+CVE-2024-4295 (The Email Subscribers by Icegram Express plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2024-4220 (Prior to 23.1, an information disclosure vulnerability exists 
within B ...)
+       TODO: check
+CVE-2024-4219 (Prior to 23.2, it is possible to perform arbitrary Server-Side 
request ...)
+       TODO: check
+CVE-2024-4088 (The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks 
plugin for  ...)
+       TODO: check
+CVE-2024-4084 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the lates ...)
+       TODO: check
+CVE-2024-3667 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-36675 (LyLme_spage v1.9.5 is vulnerable to Server-Side Request 
Forgery (SSRF) ...)
+       TODO: check
+CVE-2024-36121 (netty-incubator-codec-ohttp is the OHTTP implementation for 
netty. Bor ...)
+       TODO: check
+CVE-2024-34364 (Envoy is a cloud-native, open source edge and service proxy. 
Envoy exp ...)
+       TODO: check
+CVE-2024-34363 (Envoy is a cloud-native, open source edge and service proxy. 
Due to ho ...)
+       TODO: check
+CVE-2024-34362 (Envoy is a cloud-native, open source edge and service proxy. 
There is  ...)
+       TODO: check
+CVE-2024-32976 (Envoy is a cloud-native, open source edge and service proxy. 
Envoyprox ...)
+       TODO: check
+CVE-2024-32975 (Envoy is a cloud-native, open source edge and service proxy. 
There is  ...)
+       TODO: check
+CVE-2024-32974 (Envoy is a cloud-native, open source edge and service proxy. A 
crash w ...)
+       TODO: check
+CVE-2024-32464 (Action Text brings rich text content and editing to Rails. 
Instances o ...)
+       TODO: check
+CVE-2024-30889 (Cross Site Scripting vulnerability in audimex audimexEE 
v.15.1.2 and f ...)
+       TODO: check
+CVE-2024-2368 (The Mollie Forms plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-2087 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-28103 (Action Pack is a framework for handling and responding to web 
requests ...)
+       TODO: check
+CVE-2024-23669 (An improper authorization in Fortinet FortiWebManager version 
7.2.0 an ...)
+       TODO: check
+CVE-2024-23326 (Envoy is a cloud-native, open source edge and service proxy. A 
theoret ...)
+       TODO: check
+CVE-2024-1940 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-1164 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-1161 (The Brizy \u2013 Page Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2024-34055 (Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows 
authentica ...)
        - cyrus-imapd 3.8.3-1
        NOTE: 
https://cyrus.topicbox.com/groups/announce/Ta8e3998446caf7f8/cyrus-imap-3-8-3-3-6-5-and-3-4-8-released
 CVE-2024-5463 (A vulnerability regarding buffer copy without checking the size 
of inp ...)
@@ -168447,20 +168519,20 @@ CVE-2022-28660 (The querier component in Grafana 
Enterprise Logs 1.1.x through 1
        NOT-FOR-US: Grafana Enterprise Logs
 CVE-2022-28659
        RESERVED
-CVE-2022-28658
-       RESERVED
-CVE-2022-28657
-       RESERVED
-CVE-2022-28656
-       RESERVED
-CVE-2022-28655
-       RESERVED
-CVE-2022-28654
-       RESERVED
+CVE-2022-28658 (Apport argument parsing mishandles filename splitting on older 
kernels ...)
+       TODO: check
+CVE-2022-28657 (Apport does not disable python crash handler before entering 
chroot)
+       TODO: check
+CVE-2022-28656 (is_closing_session() allows users to consume RAM in the Apport 
process)
+       TODO: check
+CVE-2022-28655 (is_closing_session() allows users to create arbitrary tcp dbus 
connect ...)
+       TODO: check
+CVE-2022-28654 (is_closing_session() allows users to fill up apport.log)
+       TODO: check
 CVE-2022-28653
        RESERVED
-CVE-2022-28652
-       RESERVED
+CVE-2022-28652 (~/.config/apport/settings parsing is vulnerable to "billion 
laughs" at ...)
+       TODO: check
 CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository 
livehelpercha ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-1234 (XSS in livehelperchat in GitHub repository 
livehelperchat/livehelperch ...)
@@ -263964,9 +264036,9 @@ CVE-2020-35156
 CVE-2020-35155
        RESERVED
 CVE-2020-35154
-       RESERVED
+       REJECTED
 CVE-2020-35153
-       RESERVED
+       REJECTED
 CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to 
an unqu ...)
        NOT-FOR-US: Cloudflare WARP for Windows
 CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter 
"searchdata ...)
@@ -275243,11 +275315,11 @@ CVE-2020-27357
 CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS.)
        NOT-FOR-US: debug-meta-data plugin for WordPress
 CVE-2020-27355
-       RESERVED
+       REJECTED
 CVE-2020-27354
-       RESERVED
+       REJECTED
 CVE-2020-27353
-       RESERVED
+       REJECTED
 CVE-2020-27352
        RESERVED
        - snapd 2.49-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/788bbba2258d23c443b5378a67dd920ea2f6ada3

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/788bbba2258d23c443b5378a67dd920ea2f6ada3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to