[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 24 09:12:00 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9693d3f7 by security tracker role at 2024-07-24T08:11:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2024-6836 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooComm ...)
+ TODO: check
+CVE-2024-6756 (The Social Auto Poster plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2024-6755 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-6754 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-6753 (The Social Auto Poster plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-6752 (The Social Auto Poster plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-6751 (The Social Auto Poster plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2024-6750 (The Social Auto Poster plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-6629 (The All-in-One Video Gallery plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2024-6571 (The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin ...)
+ TODO: check
+CVE-2024-6553 (The WP Meteor Website Speed Optimization Addon plugin for WordPress is ...)
+ TODO: check
+CVE-2024-6094 (The WP ULike WordPress plugin before 4.7.1 does not sanitise and esca ...)
+ TODO: check
+CVE-2024-5861 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-41656 (Sentry is an error tracking and performance monitoring platform. Start ...)
+ TODO: check
+CVE-2024-3454 (An implementation issue in the Connectivity Standards Alliance Matter ...)
+ TODO: check
+CVE-2024-3297 (An issue in the Certificate Authenticated Session Establishment (CASE) ...)
+ TODO: check
+CVE-2024-3246 (The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2024-39676 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-38176 (An improper restriction of excessive authentication attempts in GroupM ...)
+ TODO: check
+CVE-2024-38164 (An improper access control vulnerability in GroupMe allows an a unauth ...)
+ TODO: check
+CVE-2024-0981 (Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox ...)
+ TODO: check
+CVE-2023-48362 (XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greate ...)
+ TODO: check
+CVE-2023-32471 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
+ TODO: check
+CVE-2023-32466 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bou ...)
+ TODO: check
CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised as vid ...)
NOT-FOR-US: Telegram for Android
CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an attacker to ...)
@@ -5138,7 +5190,7 @@ CVE-2023-51776 (Improper privilege management in Jungo WinDriver before 12.1.0 a
NOT-FOR-US: Jungo WinDriver
CVE-2023-39324
REJECTED
-CVE-2024-40767
+CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1. ...)
- nova <not-affected> (Incomplete fix/regression never introduced in Debian as fix for CVE-2024-32498 complete)
CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0, Glance bef ...)
- cinder <unfixed> (bug #1074763)
@@ -7421,14 +7473,14 @@ CVE-2023-3352 (The Smush plugin for WordPress is vulnerable to unauthorized dele
NOT-FOR-US: WordPress plugin
CVE-2021-47621 (ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XX ...)
NOT-FOR-US: ClassGraph
-CVE-2024-6874
+CVE-2024-6874 (libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/ ...)
- curl <unfixed>
[bookworm] - curl <not-affected> (Vulnerable code introduced later)
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2024-6874.html
NOTE: Introduced in: https://github.com/curl/curl/commit/add22feeef07858307be5722e1869e082554290e (curl-8_8_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/686d54baf1df6e0775898f484d1670742898b3b2 (curl-8_9_0)
-CVE-2024-6197 [freeing stack buffer in utf8asn1str]
+CVE-2024-6197 (libcurl's ASN1 parser has this utf8asn1str() function used for parsing ...)
- curl <unfixed>
[bookworm] - curl <not-affected> (Vulnerable code introduced later)
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9693d3f7ede803e7772c5f0ca57b3c4322f69d16
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9693d3f7ede803e7772c5f0ca57b3c4322f69d16
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240724/339aa465/attachment.htm>
More information about the debian-security-tracker-commits
mailing list