Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
eef40b59 by security tracker role at 2024-06-26T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 
7.0.0 allow ...)
+       TODO: check
+CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does 
not san ...)
+       TODO: check
+CVE-2024-5473 (The Simple Photoswipe WordPress plugin through 0.1 does not 
sanitise a ...)
+       TODO: check
+CVE-2024-5460 (A vulnerability in the default configuration of the Simple 
Network  Ma ...)
+       TODO: check
+CVE-2024-5332 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-5215 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-5199 (The Spotify Play Button WordPress plugin through 1.0 does not 
validate ...)
+       TODO: check
+CVE-2024-5181 (A command injection vulnerability exists in the mudler/localai 
version ...)
+       TODO: check
+CVE-2024-5173 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-5169 (The Video Widget WordPress plugin through 1.2.3 does not 
sanitise and  ...)
+       TODO: check
+CVE-2024-5071 (The Bookster  WordPress plugin through 1.1.0 allows adding 
sensitive p ...)
+       TODO: check
+CVE-2024-5019 (In WhatsUp Gold versions released before 2023.1.3,  an 
unauthenticated ...)
+       TODO: check
+CVE-2024-5018 (In WhatsUp Gold versions released before 2023.1.3, an 
unauthenticated  ...)
+       TODO: check
+CVE-2024-5017 (In WhatsUp Gold versions released before 2023.1.3, a path 
traversal vu ...)
+       TODO: check
+CVE-2024-5016 (In WhatsUp Gold versions released before 2023.1.3, Distributed 
Edition ...)
+       TODO: check
+CVE-2024-5015 (In WhatsUp Gold versions released before 2023.1.3,an 
authenticated SSR ...)
+       TODO: check
+CVE-2024-5014 (In WhatsUp Gold versions released before 2023.1.3, a Server 
Side Reque ...)
+       TODO: check
+CVE-2024-5013 (In WhatsUp Gold versions released before 2023.1.3,an 
unauthenticated D ...)
+       TODO: check
+CVE-2024-5012 (In WhatsUp Gold versions released before 2023.1.3, there is 
amissing a ...)
+       TODO: check
+CVE-2024-4959 (The Frontend Checklist WordPress plugin through 2.3.2 does not 
sanitis ...)
+       TODO: check
+CVE-2024-4957 (The Frontend Checklist WordPress plugin through 2.3.2 does not 
sanitis ...)
+       TODO: check
+CVE-2024-4869 (The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for 
WordPre ...)
+       TODO: check
+CVE-2024-4758 (The Muslim Prayer Time BD WordPress plugin through 2.4 does not 
have C ...)
+       TODO: check
+CVE-2024-4106 (A vulnerability has been found in FAST/TOOLS and CI Server. The 
affect ...)
+       TODO: check
+CVE-2024-4105 (A vulnerability has been found in FAST/TOOLS and CI Server. The 
affect ...)
+       TODO: check
+CVE-2024-3633 (The WebP & SVG Support WordPress plugin through 1.4.0 does not 
sanitis ...)
+       TODO: check
+CVE-2024-38526 (pdoc provides API Documentation for Python Projects. 
Documentation gen ...)
+       TODO: check
+CVE-2024-38516 (ai-client-html is an Aimeos e-commerce HTML client component. 
Debug in ...)
+       TODO: check
+CVE-2024-38364 (DSpace is an open source software is a turnkey repository 
application  ...)
+       TODO: check
+CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) 
NTPL-Xpon1GFEVN, hard ...)
+       TODO: check
+CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL 
injection vuln ...)
+       TODO: check
+CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an 
attacke ...)
+       TODO: check
+CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-37140 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-37139 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-37138 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-36802
+       REJECTED
+CVE-2024-35527 (An arbitrary file upload vulnerability in 
/fileupload/upload.cfm in Da ...)
+       TODO: check
+CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 
7.2.14 all ...)
+       TODO: check
+CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) 
specification, s ...)
+       TODO: check
+CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML 
Signature ...)
+       TODO: check
+CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board 
Web Part b ...)
+       TODO: check
+CVE-2024-30931 (Stored Cross Site Scripting vulnerability in Emby Media Server 
Emby Me ...)
+       TODO: check
+CVE-2024-30112 (HCL Connections is vulnerable to a cross-site scripting attack 
where a ...)
+       TODO: check
+CVE-2024-29954 (A vulnerability in a password management API in Brocade Fabric 
OS vers ...)
+       TODO: check
+CVE-2024-29953 (A vulnerability in the web interface in Brocade Fabric OS 
before v9.2. ...)
+       TODO: check
+CVE-2024-29177 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-29176 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-29175 (Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 
7.7.5.4 ...)
+       TODO: check
+CVE-2024-29174 (Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, 
LTS 7.10.1 ...)
+       TODO: check
+CVE-2024-29173 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-28973 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 
7.10.1. ...)
+       TODO: check
+CVE-2024-28830 (Insertion of Sensitive Information into Log File in Checkmk 
GmbH's Che ...)
+       TODO: check
+CVE-2024-27867 (An authentication issue was addressed with improved state 
management.  ...)
+       TODO: check
+CVE-2024-24764 (October is a self-hosted CMS platform based on the Laravel PHP 
Framewo ...)
+       TODO: check
+CVE-2024-21741 (GigaDevice GD32E103C8T6 devices have Incorrect Access Control.)
+       TODO: check
+CVE-2024-21740 (Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect 
Access Con ...)
+       TODO: check
+CVE-2024-21739 (Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and 
APM32F103VCT6 d ...)
+       TODO: check
+CVE-2024-21520 (Versions of the package djangorestframework before 3.15.2 are 
vulnerab ...)
+       TODO: check
 CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel 
Reservat ...)
        NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
the HT ...)
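Review bot: the descriptions added for CVE-2024-5215 and CVE-2024-5173 contain a literal `\u2013` ("The HT Mega \u2013 Absolute Addons For Elementor"), so the automatic update is writing an undecoded escape sequence into data/CVE/list. Decode the escape (or normalise it to an ASCII hyphen) before the description is written, otherwise a text search for the product name as the vendor spells it will not match these two entries. Apart from the REJECTED CVE-2024-36802, every entry in this hunk is added as `TODO: check`, so none of them has a triage decision yet.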
@@ -354,18 +472,22 @@ CVE-2023-45196 (Adminer and AdminerEvo allow an 
unauthenticated remote attacker
 CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database 
connection  ...)
        TODO: check
 CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
+       {DSA-5720-1}
        - chromium 126.0.6478.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
+       {DSA-5720-1}
        - chromium 126.0.6478.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 
126.0.6478.126 ...)
+       {DSA-5720-1}
        - chromium 126.0.6478.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 
allowe ...)
+       {DSA-5720-1}
        - chromium 126.0.6478.126-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
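Review bot: the four `{DSA-5720-1}` tags on CVE-2024-6290 through CVE-2024-6293 are added with no change to the package lines under them, which still show only the untagged `- chromium 126.0.6478.126-1` line and the bullseye and buster `<end-of-life>` notes. Since data/CVE/list is the only file changed in this commit, confirm that the advisory's fixed version for the release it covers is recorded elsewhere in the tracker data, because it cannot be read from these entries.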
@@ -6072,9 +6194,9 @@ CVE-2023-6734
        REJECTED
 CVE-2023-50804 (An issue was discovered in Samsung Mobile Processor, and Modem 
Exynos  ...)
        NOT-FOR-US: Samsung
-CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, and Modem 
Exynos  ...)
        NOT-FOR-US: Samsung
-CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, 
Automotive Proces ...)
+CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
        NOT-FOR-US: Samsung
 CVE-2023-49927 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
        NOT-FOR-US: Samsung
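Review bot: after the description change, the truncated text of CVE-2023-50803 is identical to that of CVE-2023-50804 directly above it, and CVE-2023-49928 is now identical to CVE-2023-49927 directly below it, so in each pair the two entries can only be told apart by the CVE id. Both changed entries keep `NOT-FOR-US: Samsung`, so triage is unaffected, but it is worth checking against the full descriptions that these are upstream rewordings rather than one entry's text being copied onto its neighbour.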



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eef40b590a6855780e4cf54972c3b5b7527d41e8
