[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 13 09:12:36 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f41cc4b9 by security tracker role at 2024-07-13T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path Disclosure ...)
+ TODO: check
+CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...)
+ TODO: check
+CVE-2024-5902 (The User Feedback \u2013 Create Interactive Feedback Form, User Survey ...)
+ TODO: check
+CVE-2024-5744 (The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SE ...)
+ TODO: check
+CVE-2024-5715 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5713 (The If-So Dynamic Content Personalization WordPress plugin before 1.8. ...)
+ TODO: check
+CVE-2024-5644 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5627 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5575 (The Ditty WordPress plugin before 3.1.43 does not sanitise and escape ...)
+ TODO: check
+CVE-2024-5472 (The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and ...)
+ TODO: check
+CVE-2024-5450 (The Bug Library WordPress plugin before 2.1.1 does not check the file ...)
+ TODO: check
+CVE-2024-5442 (The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.5 ...)
+ TODO: check
+CVE-2024-5287 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...)
+ TODO: check
+CVE-2024-5286 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...)
+ TODO: check
+CVE-2024-5284 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...)
+ TODO: check
+CVE-2024-5283 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...)
+ TODO: check
+CVE-2024-5282 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...)
+ TODO: check
+CVE-2024-5281 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanit ...)
+ TODO: check
+CVE-2024-5280 (The wp-affiliate-platform WordPress plugin before 6.5.1 does not have ...)
+ TODO: check
+CVE-2024-5167 (The CM Email Registration Blacklist and Whitelist WordPress plugin bef ...)
+ TODO: check
+CVE-2024-5151 (The SULly WordPress plugin before 4.3.1 does not sanitise and escape s ...)
+ TODO: check
+CVE-2024-5080 (The wp-eMember WordPress plugin before 10.6.6 does not validate files ...)
+ TODO: check
+CVE-2024-5079 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5077 (The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check ...)
+ TODO: check
+CVE-2024-5076 (The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check ...)
+ TODO: check
+CVE-2024-5075 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5074 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise and es ...)
+ TODO: check
+CVE-2024-5034 (The SULly WordPress plugin before 4.3.1 does not have CSRF checks in s ...)
+ TODO: check
+CVE-2024-5033 (The SULly WordPress plugin before 4.3.1 does not have CSRF check in so ...)
+ TODO: check
+CVE-2024-5032 (The SULly WordPress plugin before 4.3.1 does not sanitise and escape a ...)
+ TODO: check
+CVE-2024-5028 (The CM WordPress Search And Replace Plugin WordPress plugin before 1.3 ...)
+ TODO: check
+CVE-2024-5002 (The User Submitted Posts WordPress plugin before 20240516 does not sa ...)
+ TODO: check
+CVE-2024-4977 (The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not s ...)
+ TODO: check
+CVE-2024-4752 (The EventON WordPress plugin before 2.2.15 does not sanitise and escap ...)
+ TODO: check
+CVE-2024-4602 (The Embed Peertube Playlist WordPress plugin before 1.10 does not sani ...)
+ TODO: check
+CVE-2024-4272 (The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG f ...)
+ TODO: check
+CVE-2024-4269 (The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG fil ...)
+ TODO: check
+CVE-2024-4217 (The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not pro ...)
+ TODO: check
+CVE-2024-3964 (The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does ...)
+ TODO: check
+CVE-2024-3963 (The Giveaways and Contests by RafflePress WordPress plugin before 1.1 ...)
+ TODO: check
+CVE-2024-3919 (The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not ...)
+ TODO: check
+CVE-2024-3753 (The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escap ...)
+ TODO: check
+CVE-2024-3751 (The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not ...)
+ TODO: check
+CVE-2024-3710 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 ...)
+ TODO: check
+CVE-2024-3632 (The Smart Image Gallery WordPress plugin before 1.0.19 does not have C ...)
+ TODO: check
+CVE-2024-3026 (The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 d ...)
+ TODO: check
+CVE-2024-31947 (StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Dir ...)
+ TODO: check
+CVE-2024-30213 (StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows rem ...)
+ TODO: check
+CVE-2024-2870 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...)
+ TODO: check
CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL I ...)
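Review bot: all 49 entries added at the top of data/CVE/list are left at `TODO: check`, although 47 of them are described as WordPress plugins and the existing entry directly below them (CVE-2024-6495) already shows the triage used for that class, `NOT-FOR-US: WordPress plugin`. Those can be resolved in a follow-up pass instead of sitting in the TODO queue; the two StoneFly Storage Concentrator entries (CVE-2024-31947, CVE-2024-30213) need their own check. The description for CVE-2024-5902 also carries a literal `\u2013` escape where a dash character belongs, which suggests the feed text was not decoded before being written.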
@@ -2282,14 +2380,14 @@ CVE-2024-6501 (A flaw was found in NetworkManager. When a system running Network
[bookworm] - network-manager <no-dsa> (Minor issue)
[bullseye] - network-manager <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
-CVE-2023-39329 [Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c]
+CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur in the o ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1474
CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This f ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1471
NOTE: https://github.com/uclouvain/openjpeg/pull/1470
-CVE-2023-39327 [Malicious files can cause the program to enter a large loop]
+CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures can cau ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1472
CVE-2024-6526 (A vulnerability classified as problematic has been found in CodeIgnite ...)
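Review bot: in the CVE-2023-39329 entry the replaced bracketed text named the affected function and file (`opj_t1_decode_cblks` in `tcd.c`), while the new description is cut off at `in the o ...` before that detail. The NOTE link to openjpeg issue 1474 is kept, so triage is not blocked, but a NOTE line naming the function would keep the entry searchable by it. Both CVE-2023-39329 and CVE-2023-39327 stay at `openjpeg2 <unfixed>` with no per-release lines, unlike the network-manager entry shown as context at the top of this hunk.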
@@ -3277,7 +3375,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over a HTTP/2 connection cou
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
NOTE: https://github.com/apache/httpd/commit/62aa64e5aea21dd969db97aded4443c98c0735ac
NOTE: (see also https://svn.apache.org/viewvc?view=revision&revision=1918557)
-CVE-2024-6409 (A signal handler race condition vulnerability was found in OpenSSH's s ...)
+CVE-2024-6409 (A race condition vulnerability was discovered in how signals are handl ...)
- openssh <not-affected> (Exploitable issue in RHEL9 packaged versions)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/08/2
CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in OpenSSH's serv ...)
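Review bot: the reworded CVE-2024-6409 description is truncated before it names the component (the old text reached `OpenSSH's s ...`, the new one stops at `signals are handl ...`), so the entry now relies on the `- openssh` line and the oss-security NOTE to say what is affected. The `<not-affected> (Exploitable issue in RHEL9 packaged versions)` status is untouched by this hunk, which fits a description-only sync; it is still worth confirming that the rationale matches the new wording.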
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f41cc4b96c7263ccb11006f550f1211a052c6974