Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a9218f0 by security tracker role at 2024-06-28T08:11:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for 
WordPres ...)
+       TODO: check
+CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & 
more Via  ...)
+       TODO: check
+CVE-2024-6071 (PTC Creo Elements/Direct License Server exposes a web interface 
which  ...)
+       TODO: check
+CVE-2024-5864 (The Easy Affiliate Links plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2024-5863 (The Easy Image Collage plugin for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2024-5796 (The Infinite theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2024-5788 (The Silesia theme for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-5730 (The Pagerank tools WordPress plugin through 1.1.5 does not 
sanitise an ...)
+       TODO: check
+CVE-2024-5729 (The Simple AL Slider WordPress plugin through 1.2.10 does not 
sanitise ...)
+       TODO: check
+CVE-2024-5728 (The Animated AL List WordPress plugin through 1.0.6 does not 
sanitise  ...)
+       TODO: check
+CVE-2024-5727 (The Widget4Call WordPress plugin through 1.0.7 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-5642 (CPython 3.9 and earlier doesn't disallow configuring an empty 
list ("[ ...)
+       TODO: check
+CVE-2024-5570 (The Simple Photoswipe WordPress plugin through 0.1 does not 
have autho ...)
+       TODO: check
+CVE-2024-4395 (The XPC service within the audit functionality of Jamf 
Compliance Edit ...)
+       TODO: check
+CVE-2024-39708 (An issue was discovered in the Agent in Delinea Privilege 
Manager (for ...)
+       TODO: check
+CVE-2024-39705 (NLTK through 3.8.1 allows remote code execution if untrusted 
packages  ...)
+       TODO: check
+CVE-2024-39352 (A vulnerability regarding incorrect authorization is found in 
the firm ...)
+       TODO: check
+CVE-2024-39351 (A vulnerability regarding improper neutralization of special 
elements  ...)
+       TODO: check
+CVE-2024-39350 (A vulnerability regarding authentication bypass by spoofing is 
found i ...)
+       TODO: check
+CVE-2024-39349 (A vulnerability regarding buffer copy without checking size of 
input ( ...)
+       TODO: check
+CVE-2024-39348 (Download of code without integrity check vulnerability in 
AirPrint fun ...)
+       TODO: check
+CVE-2024-39347 (Incorrect default permissions vulnerability in firewall 
functionality  ...)
+       TODO: check
+CVE-2024-39209 (luci-app-sms-tool v1.9-6 was discovered to contain a command 
injection ...)
+       TODO: check
+CVE-2024-39134 (A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 
allows attac ...)
+       TODO: check
+CVE-2024-39132 (A NULL Pointer Dereference vulnerability in DumpTS 
v0.1.0-nightly allo ...)
+       TODO: check
+CVE-2024-37282 (It was identified that under certain specific preconditions, 
an API ke ...)
+       TODO: check
+CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and prior, contains Use of a 
Cryptogra ...)
+       TODO: check
+CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL 
certificates when ...)
+       TODO: check
+CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+       TODO: check
+CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+       TODO: check
+CVE-2024-36073 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+       TODO: check
+CVE-2024-36072 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys 
Unify thr ...)
+       TODO: check
+CVE-2024-36059 (Directory Traversal vulnerability in Kalkitech ASE ASE61850 
IEDSmart u ...)
+       TODO: check
+CVE-2024-30135 (HCL DRYiCE AEX is potentially impacted by disclosure of 
sensitive info ...)
+       TODO: check
+CVE-2024-30111 (HCL DRYiCE AEX product is impacted by Missing Root Detection 
vulnerabi ...)
+       TODO: check
+CVE-2024-30110 (HCL DRYiCE AEX product is impacted by lack of input validation 
vulnera ...)
+       TODO: check
+CVE-2024-30109 (HCL DRYiCE AEX is impacted by a lack of clickjacking 
protection in the ...)
+       TODO: check
+CVE-2024-2973 (An Authentication Bypass Using an Alternate Path or Channel 
vulnerabil ...)
+       TODO: check
+CVE-2024-2795 (The SEO SIMPLE PACK plugin for WordPress is vulnerable to 
Information  ...)
+       TODO: check
+CVE-2024-22276 (VMware Cloud Director Object Storage Extension contains an 
Insertion o ...)
+       TODO: check
+CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege 
Management vulner ...)
+       TODO: check
+CVE-2024-22260 (VMware Workspace One UEM update addresses an information 
exposure vuln ...)
+       TODO: check
+CVE-2023-52892 (In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 
3.0.33,  ...)
+       TODO: check
+CVE-2023-47803 (A vulnerability regarding improper limitation of a pathname to 
a restr ...)
+       TODO: check
+CVE-2023-47802 (A vulnerability regarding improper neutralization of special 
elements  ...)
+       TODO: check
+CVE-2016-20022 (In the Linux kernel before 4.8, usb_parse_endpoint in 
drivers/usb/core ...)
+       TODO: check
 CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop 
Daemon, be ...)
        NOT-FOR-US: ubuntu-advantage-desktop-daemon
 CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management 
System 1 ...)
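Review bot: Several of the new "TODO: check" entries name general-purpose software rather than vendor-specific products, namely CVE-2024-5642 (CPython), CVE-2024-39705 (NLTK), CVE-2024-39134 (zziplib), CVE-2023-52892 (phpseclib) and CVE-2016-20022 (Linux kernel usb_parse_endpoint), and these should be triaged ahead of the WordPress plugin and appliance entries so they get a source package line instead of sitting as TODO. Separately, the descriptions for CVE-2024-6296 and CVE-2024-6288 carry a literal "\u2013" escape where a dash was intended, so the import step is writing the escaped form of the character into data/CVE/list; decoding it before the description is truncated would keep the list readable and searchable.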
@@ -6052,7 +6144,7 @@ CVE-2023-37539 (The Domino Catalog template is 
susceptible to a Stored Cross-Sit
        NOT-FOR-US: HCL
 CVE-2023-32475 (Dell BIOS contains a missing support for integrity check 
vulnerability ...)
        NOT-FOR-US: Dell
-CVE-2022-4968 (netplan leaks the private key of wireguard to local users. A 
security  ...)
+CVE-2022-4968 (netplan leaks the private key of wireguard to local users. 
Versions af ...)
        - netplan.io <unfixed> (bug #1072789)
        [bookworm] - netplan.io <no-dsa> (Minor issue)
        [bullseye] - netplan.io <no-dsa> (Minor issue)
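Review bot: The replacement description for CVE-2022-4968 now begins "Versions af ...", which suggests the upstream text has started to state version information, while the unchanged context line still reads "- netplan.io <unfixed> (bug #1072789)". Since only the description line was touched here, it is worth checking the full upstream text against the package line and recording a fixed version, or a NOTE with the upstream reference, if the new wording supports one.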
@@ -28195,6 +28287,7 @@ CVE-2021-47208 (The Mojolicious module before 9.11 for 
Perl has a bug in format
        NOTE: https://github.com/mojolicious/mojo/issues/1736
        NOTE: 
https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c
 (v9.11)
 CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to 
secure_co ...)
+       {DLA-3846-1}
        - libmojolicious-perl 8.65+dfsg-1
        NOTE: https://github.com/mojolicious/mojo/pull/1601 (v8.65)
        NOTE: https://github.com/mojolicious/mojo/issues/1599
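Review bot: The {DLA-3846-1} cross-reference is attached to CVE-2020-36829 only, and the hunk's context shows the preceding entry, CVE-2021-47208, is also a Mojolicious issue whose header falls outside the visible lines. Confirm against the DLA entry that the advisory's CVE list is complete, so that the other Mojolicious entry is tagged too if the same upload addresses it.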



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9218f0cce6a609380688ef0dcd0e9233eba1cd



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
