Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96c7606c by security tracker role at 2024-07-04T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-6513
+       REJECTED
+CVE-2024-6511 (A vulnerability classified as problematic was found in 
y_project RuoYi ...)
+       TODO: check
+CVE-2024-6507 (Command injection when ingesting a remote Kaggle dataset due to 
a lack ...)
+       TODO: check
+CVE-2024-6506 (Information exposure vulnerability in the MRW plugin, in 
its5.4.3 vers ...)
+       TODO: check
+CVE-2024-6434 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-6319 (The IMGspider plugin for WordPress is vulnerable to arbitrary 
file upl ...)
+       TODO: check
+CVE-2024-6318 (The IMGspider plugin for WordPress is vulnerable to arbitrary 
file upl ...)
+       TODO: check
+CVE-2024-5943 (The Nested Pages plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-3904 (Incorrect Default Permissions vulnerability in Smart Device 
Communicat ...)
+       TODO: check
+CVE-2024-39934 (Robotmk before 2.0.1 allows a local user to escalate 
privileges (e.g., ...)
+       TODO: check
+CVE-2024-39933 (Gogs through 0.13.0 allows argument injection during the 
tagging of a  ...)
+       TODO: check
+CVE-2024-39932 (Gogs through 0.13.0 allows argument injection during the 
previewing of ...)
+       TODO: check
+CVE-2024-39931 (Gogs through 0.13.0 allows deletion of internal files.)
+       TODO: check
+CVE-2024-39930 (The built-in SSH server of Gogs through 0.13.0 allows argument 
injecti ...)
+       TODO: check
+CVE-2024-39929 (Exim through 4.97.1 misparses a multiline RFC 2231 header 
filename, an ...)
+       TODO: check
+CVE-2024-39211 (Kaiten 57.128.8 allows remote attackers to enumerate user 
accounts via ...)
+       TODO: check
+CVE-2024-39165 (QR/demoapp/qr_image.php in Asial JpGraph Professional through 
4.2.6-pr ...)
+       TODO: check
+CVE-2024-37476 (Cross Site Scripting (XSS) vulnerability in Automattic 
Newspack Campai ...)
+       TODO: check
+CVE-2024-37474 (Cross Site Scripting (XSS) vulnerability in Automattic 
Newspack Ads al ...)
+       TODO: check
+CVE-2024-37472 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice 
allows R ...)
+       TODO: check
+CVE-2024-37471 (Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice 
Core all ...)
+       TODO: check
+CVE-2024-32754 (Under certain circumstances, when the controller is in factory 
reset m ...)
+       TODO: check
+CVE-2024-22277 (VMware Cloud Director Availability contains an HTML injection 
vulnerab ...)
+       TODO: check
+CVE-2024-1574 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
+       TODO: check
+CVE-2024-1573 (Improper Authentication vulnerability in the mobile monitoring 
feature ...)
+       TODO: check
+CVE-2024-1182 (Uncontrolled Search Path Element vulnerability in ICONICS 
GENESIS64 al ...)
+       TODO: check
 CVE-2024-6464
        REJECTED
 CVE-2024-6463
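
Review bot: Every described entry added at the top of data/CVE/list in this hunk is left at "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet and a follow-up triage commit is needed. CVE-2024-39929 (Exim through 4.97.1) and the four Gogs entries CVE-2024-39930 to CVE-2024-39933 name specific software and versions and are the ones to resolve first. The WordPress plugin entries (CVE-2024-6434, CVE-2024-6319, CVE-2024-6318, CVE-2024-5943) can take the "NOT-FOR-US: WordPress plugin" form already used further down the same file.
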
@@ -320,7 +372,8 @@ CVE-2024-34586 (Improper access control in 
KnoxCustomManagerService prior to SMR
        NOT-FOR-US: Samsung
 CVE-2024-34585 (Improper access control in launchApp of SystemUI prior to SMR 
Jul-2024 ...)
        NOT-FOR-US: Samsung
-CVE-2024-34584 (Improper privilege management in SumeNNService prior to SMR 
Jul-2024 R ...)
+CVE-2024-34584
+       REJECTED
        NOT-FOR-US: Samsung
 CVE-2024-34583 (Improper access control in system property prior to SMR 
Jul-2024 Relea ...)
        NOT-FOR-US: Samsung
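
Review bot: After this change CVE-2024-34584 carries both "REJECTED" and the unchanged context line "NOT-FOR-US: Samsung", because only the header line was replaced and the annotation below it was kept. The other rejected entries visible in this commit (CVE-2024-6513, CVE-2024-6464) carry "REJECTED" alone, so the leftover "NOT-FOR-US: Samsung" line under CVE-2024-34584 should be dropped in a follow-up to keep the entry consistent.
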
@@ -679,7 +732,7 @@ CVE-2024-0153 (Improper Restriction of Operations within 
the Bounds of a Memory
        TODO: check
 CVE-2023-43554 (Memory corruption while processing IOCTL handler in FastRPC.)
        NOT-FOR-US: Qualcomm
-CVE-2024-39884
+CVE-2024-39884 (A regression in the core of Apache HTTP Server 2.4.60 ignores 
some use ...)
        - apache2 2.4.61-1
        [bookworm] - apache2 <not-affected> (Vulnerable code not present)
        [bullseye] - apache2 <not-affected> (Vulnerable code not present)
@@ -71258,7 +71311,7 @@ CVE-2023-5063 (The Widget Responsive for Youtube plugin 
for WordPress is vulnera
        NOT-FOR-US: WordPress plugin
 CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete 
fix to a ...)
+CVE-2023-4088 (Incorrect Default Permissions vulnerability in Mitsubishi 
Electric Cor ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared 
secret, loca ...)
        - croc <itp> (bug #1017956)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96c7606cef59b9a44b7105633f1e1a1e7d6bd39b

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits