[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 8 09:12:25 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f79ca05e by security tracker role at 2024-08-08T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2024-7561 (The The Next theme for WordPress is vulnerable to PHP Object Injection ...)
+	TODO: check
+CVE-2024-7560 (The News Flash theme for WordPress is vulnerable to PHP Object Injecti ...)
+	TODO: check
+CVE-2024-7548 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+	TODO: check
+CVE-2024-7492 (The MainWP Child Reports plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2024-7486 (The MultiPurpose theme for WordPress is vulnerable to PHP Object Injec ...)
+	TODO: check
+CVE-2024-7350 (The Appointment Booking Calendar Plugin and Online Scheduling Plugin \ ...)
+	TODO: check
+CVE-2024-7150 (The Slider by 10Web \u2013 Responsive Image Slider plugin for WordPres ...)
+	TODO: check
+CVE-2024-6987 (The Orchid Store theme for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2024-6893 (The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to ...)
+	TODO: check
+CVE-2024-6892 (Attackers can craft a malicious link that once clicked will execute ar ...)
+	TODO: check
+CVE-2024-6891 (Attackers with a valid username and password can exploit a python code ...)
+	TODO: check
+CVE-2024-6890 (Password reset tokens are generated using an insecure source of random ...)
+	TODO: check
+CVE-2024-6884 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3. ...)
+	TODO: check
+CVE-2024-6869 (The Falang multilanguage for WordPress plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-6824 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-6707 (Attacker controlled files can be uploaded to arbitrary locations on th ...)
+	TODO: check
+CVE-2024-6706 (Attackers can craft a malicious prompt that coerces the language model ...)
+	TODO: check
+CVE-2024-6552 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
+	TODO: check
+CVE-2024-6481 (The Search & Filter Pro WordPress plugin before 2.5.18 does not saniti ...)
+	TODO: check
+CVE-2024-6254 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Cr ...)
+	TODO: check
+CVE-2024-5668 (The Lightbox & Modal Popup WordPress Plugin \u2013 FooBox plugin for W ...)
+	TODO: check
+CVE-2024-5226 (The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-38202 (Summary Microsoft was notified that an elevation of privilege vulnerab ...)
+	TODO: check
+CVE-2024-22069 (There is a permission and access control vulnerability of ZTE's ZXV10  ...)
+	TODO: check
+CVE-2024-21302 (Summary: Microsoft was notified that an elevation of privilege vulnera ...)
+	TODO: check
 CVE-2024-43168
 	- unbound 1.20.0-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2303462
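
Review bot: Several of the added descriptions carry a literal "\u2013" escape where an en dash was intended (CVE-2024-7548, CVE-2024-7150, CVE-2024-6552, CVE-2024-6254, CVE-2024-5668), so the import step is not decoding the upstream text before writing it to data/CVE/list. The two Microsoft entries (CVE-2024-38202, CVE-2024-21302) also begin with the word "Summary", which uses up part of the truncated description without naming the affected product. All 25 new entries carry only "TODO: check"; each still needs triage to either a package line or a not-for-us marking, and the entries that name no product in the visible text (CVE-2024-6893, CVE-2024-6892, CVE-2024-6891, CVE-2024-6890, CVE-2024-6707, CVE-2024-6706) will need the full CVE record read before that decision can be made.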
@@ -450,21 +500,27 @@ CVE-2024-5290 (An issue was discovered in Ubuntu wpa_supplicant that resulted in
 	- wpa 2:2.10-22
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
 CVE-2024-7550 (Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7536 (Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 all ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7535 (Inappropriate implementation in V8 in Google Chrome prior to 127.0.653 ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7534 (Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7533 (Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533. ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7532 (Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6 ...)
+	{DSA-5741-1}
 	- chromium 127.0.6533.99-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2024-7531 (Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer ...)
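
Review bot: CVE-2024-7533 is described as "Use after free in Sharing in Google Chrome on iOS", yet it receives the same {DSA-5741-1} reference and keeps the same "- chromium 127.0.6533.99-1" fixed-version line as the five other entries. If the issue is confined to the iOS build, the Debian chromium package may not be affected at all, and the entry would be better recorded as not affected than as fixed in that upload. Worth confirming against the advisory text before this cross-reference is relied on. The other five annotations (CVE-2024-7550, CVE-2024-7536, CVE-2024-7535, CVE-2024-7534, CVE-2024-7532) are consistent with their existing chromium lines and the bullseye end-of-life markers.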



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f79ca05e7228cac7e343068160ce663892bc6273
