[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 30 09:12:21 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b49bcf93 by security tracker role at 2024-08-30T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2024-8333
+ REJECTED
+CVE-2024-8330 (6SHR system from Gether Technology does not properly validate uploaded ...)
+ TODO: check
+CVE-2024-8329 (6SHR system from Gether Technology does not properly validate the spec ...)
+ TODO: check
+CVE-2024-8328 (Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL T ...)
+ TODO: check
+CVE-2024-8327 (Easy test Online Learning and Testing Platform fromHWA JIUH DIGITAL T ...)
+ TODO: check
+CVE-2024-8319 (The Tourfic plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2024-8234 (** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in t ...)
+ TODO: check
+CVE-2024-8016 (The Events Calendar Pro plugin for WordPress is vulnerable to PHP Obje ...)
+ TODO: check
+CVE-2024-6672 (In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vul ...)
+ TODO: check
+CVE-2024-6671 (In WhatsUp Gold versions released before 2024.0.0, if the application ...)
+ TODO: check
+CVE-2024-6670 (In WhatsUp Gold versions released before 2024.0.0,a SQL Injection vuln ...)
+ TODO: check
+CVE-2024-5879 (The HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics ...)
+ TODO: check
+CVE-2024-5784 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2024-5061 (The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vul ...)
+ TODO: check
+CVE-2024-5024 (The Memberpress plugin for WordPress is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2024-4401 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-45492 (An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in ...)
+ TODO: check
+CVE-2024-45491 (An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse. ...)
+ TODO: check
+CVE-2024-45490 (An issue was discovered in libexpat before 2.6.3. xmlparse.c does not ...)
+ TODO: check
+CVE-2024-45488 (One Identity Safeguard for Privileged Passwords before 7.5.2 allows un ...)
+ TODO: check
+CVE-2024-45302 (RestSharp is a Simple REST and HTTP API Client for .NET. The second ar ...)
+ TODO: check
+CVE-2024-44944 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2024-42412 (Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S116 ...)
+ TODO: check
+CVE-2024-41349 (unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via applicati ...)
+ TODO: check
+CVE-2024-3998 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2024-3673 (The Web Directory Free WordPress plugin before 1.7.3 does not validate ...)
+ TODO: check
+CVE-2024-39300 (Missing authentication vulnerability exists in Telnet function of WAB- ...)
+ TODO: check
+CVE-2024-34577 (Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000 ...)
+ TODO: check
+CVE-2024-2881 (Fault Injection vulnerability inwc_ed25519_sign_msg function in wolfss ...)
+ TODO: check
+CVE-2024-2694 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...)
+ TODO: check
+CVE-2024-2502 (An application can be configured to block boot attempts after consecut ...)
+ TODO: check
+CVE-2024-1545 (Fault Injection vulnerability in RsaPrivateDecryption function in wolf ...)
+ TODO: check
+CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up to ver ...)
+ TODO: check
CVE-2024-8285
NOT-FOR-US: kroxylicious
CVE-2024-42934
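Review bot: In the block of new entries, CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492 (libexpat), CVE-2024-44944 (Linux kernel) and the wolfSSL-related entries (CVE-2024-1543 and, going by their truncated descriptions, CVE-2024-1545 and CVE-2024-2881) are left at TODO: check exactly like the WordPress-plugin and appliance entries around them. Nothing here separates software Debian packages from entries that will end up NOT-FOR-US. Suggest triaging those seven first and replacing TODO: check with package lines. CVE-2024-8333 arrives already REJECTED and needs no follow-up.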
@@ -221,12 +287,15 @@ CVE-2024-8250 (NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to
NOTE: https://www.wireshark.org/security/wnpa-sec-2024-11.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19943
CVE-2024-8198 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 ...)
+ {DSA-5761-1}
- chromium 128.0.6613.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8194 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed ...)
+ {DSA-5761-1}
- chromium 128.0.6613.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-8193 (Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 ...)
+ {DSA-5761-1}
- chromium 128.0.6613.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7857 (The Media Library Folders plugin for WordPress is vulnerable to second ...)
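Review bot: {DSA-5761-1} is added to CVE-2024-8198, CVE-2024-8194 and CVE-2024-8193, and each of them still shows only the chromium 128.0.6613.113-1 line and the bullseye <end-of-life> line, so the version fixed in the supported stable release is not visible in this hunk. Worth confirming that the advisory record for DSA-5761-1 lists these same CVE IDs, so that the cross-reference here and the advisory agree.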
@@ -1633,6 +1702,7 @@ CVE-2024-7971 (Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allo
- chromium 128.0.6613.84-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7969 (Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed ...)
+ {DSA-5761-1}
- chromium 128.0.6613.113-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2024-7968 (Use after free in Autofill in Google Chrome prior to 128.0.6613.84 all ...)
@@ -9046,7 +9116,8 @@ CVE-2024-41664 (Canarytokens help track activity and actions on a network. Prior
NOT-FOR-US: Canarytokens
CVE-2024-41663 (Canarytokens help track activity and actions on a network. A Cross-Si ...)
NOT-FOR-US: Canarytokens
-CVE-2024-41661 (reNgine is an automated reconnaissance framework for web applications. ...)
+CVE-2024-41661
+ REJECTED
NOT-FOR-US: reNgine
CVE-2024-41655 (TF2 Item Format helps users format TF2 items to the community standard ...)
NOT-FOR-US: TF2 Item Format
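Review bot: CVE-2024-41661 is switched to REJECTED, but the NOT-FOR-US: reNgine line directly below it is left in place, so the entry now carries both a rejection and a triage decision. If the rejection stands, consider dropping the NOT-FOR-US line so the entry is just the ID followed by REJECTED, in the same form as CVE-2024-8333 at the top of this commit.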
@@ -41593,7 +41664,7 @@ CVE-2024-21508 (Versions of the package mysql2 before 3.9.4 are vulnerable to Re
NOT-FOR-US: Node mysql2
CVE-2023-6811 (The Language Translate Widget for WordPress \u2013 ConveyThis plugin f ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-6257 (The Inline Related Posts WordPress plugin before 3.6.0 does not ensure ...)
+CVE-2023-6257 (The Inline Related Posts WordPress plugin before 3.6.0 is missing auth ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3570 (A stored Cross-Site Scripting (XSS) vulnerability exists in the chat f ...)
NOT-FOR-US: anything-llm
@@ -49737,7 +49808,7 @@ CVE-2023-7236 (The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to I
NOT-FOR-US: WordPress plugin
CVE-2023-7085 (The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does n ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 cont ...)
+CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is a ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
{DLA-3803-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b49bcf9313d97524ae8970c4af699d0f47cf00f3