[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 31 09:12:50 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44c3c777 by security tracker role at 2024-08-31T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,40 @@
-CVE-2024-44945 [netfilter: nfnetlink: Initialise extack before use in ACKs]
+CVE-2024-8348 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2024-8347 (A vulnerability classified as critical was found in SourceCodester Com ...)
+	TODO: check
+CVE-2024-8346 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2024-8276 (The WPZOOM Portfolio Lite \u2013 Filterable Portfolio Plugin plugin fo ...)
+	TODO: check
+CVE-2024-8006 (Remote packet capture support is disabled by default in libpcap.  When ...)
+	TODO: check
+CVE-2024-7435 (The Attire theme for WordPress is vulnerable to PHP Object Injection i ...)
+	TODO: check
+CVE-2024-6586 (Lightdash version 0.1024.6 allows users with the necessary permissions ...)
+	TODO: check
+CVE-2024-6585 (Multiple stored cross-site scripting (\u201cXSS\u201d) vulnerabilities ...)
+	TODO: check
+CVE-2024-5212 (The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2024-45304 (Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starkn ...)
+	TODO: check
+CVE-2024-44684 (TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/ ...)
+	TODO: check
+CVE-2024-44683 (Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video ...)
+	TODO: check
+CVE-2024-44682 (ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend  ...)
+	TODO: check
+CVE-2024-3886 (The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2024-39747 (IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses d ...)
+	TODO: check
+CVE-2024-39579 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an inc ...)
+	TODO: check
+CVE-2024-39578 (Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX ...)
+	TODO: check
+CVE-2023-7256 (In affected libpcap versions during the setup of a remote packet captu ...)
+	TODO: check
+CVE-2024-44945 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
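Review bot: the two libpcap entries in this hunk, CVE-2024-8006 and CVE-2023-7256, land with only "TODO: check", yet libpcap is a source package in Debian, so both need a "- libpcap" package line with a fixed version or <unfixed>, unlike most of the third-party plugin and CMS entries around them. Separately, the descriptions for CVE-2024-8276 and CVE-2024-6585 carry literal \u2013, \u201c and \u201d escapes rather than the decoded characters, which suggests the description import is not decoding Unicode escapes; worth fixing in the update script so the list stays greppable.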
@@ -148,7 +184,7 @@ CVE-2024-1543 (The side-channel protected T-Table implementation in wolfSSL up t
 	- wolfssl 5.6.6-1.2
 	NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/6854
-CVE-2024-8285
+CVE-2024-8285 (A flaw was found in Kroxylicious. When establishing the connection wit ...)
 	NOT-FOR-US: kroxylicious
 CVE-2024-42934
 	- openipmi <unfixed>
@@ -1587,7 +1623,8 @@ CVE-2022-48937 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 5.16.12-1
 	[bullseye] - linux 5.10.103-1
 	NOTE: https://git.kernel.org/linus/f240762f88b4b1b58561939ffd44837759756477 (5.17-rc6)
-CVE-2022-48936 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
+CVE-2022-48936
+	REJECTED
 	TODO: check
 CVE-2022-48935 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 5.16.12-1
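Review bot: CVE-2022-48936 is switched to REJECTED, but the unchanged "TODO: check" line directly below it is left in place, so a rejected ID still shows up as pending triage. Drop the "TODO: check" line in the same change so the entry reads like the other REJECTED entries in this diff (for example CVE-2022-4411), which carry no further annotation.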
@@ -134364,7 +134401,7 @@ CVE-2022-4540
 CVE-2022-4539
 	RESERVED
 CVE-2022-4538
-	RESERVED
+	REJECTED
 CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4536
@@ -134384,7 +134421,7 @@ CVE-2022-4530
 CVE-2022-4529
 	RESERVED
 CVE-2022-4528
-	RESERVED
+	REJECTED
 CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been  ...)
 	NOT-FOR-US: collective.task
 CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and classi ...)
@@ -136201,7 +136238,7 @@ CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framew
 CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...)
 	NOT-FOR-US: nuxt
 CVE-2022-4412
-	RESERVED
+	REJECTED
 CVE-2022-4411
 	REJECTED
 CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c3c777602a6de642a5a32b3cd1aa7d8b75682f
