[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 27 09:12:33 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0d770c4 by security tracker role at 2024-07-27T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2024-6661 (The ParityPress \u2013 Parity Pricing with Discount Rules plugin for W ...)
+	TODO: check
+CVE-2024-6634 (The Master Currency WP plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-6591 (The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-6573 (The Intelligence plugin for WordPress is vulnerable to Full Path Discl ...)
+	TODO: check
+CVE-2024-6566 (The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-6549 (The Admin Post Navigation plugin for WordPress is vulnerable to Full P ...)
+	TODO: check
+CVE-2024-6548 (The Add Admin JavaScript plugin for WordPress is vulnerable to Full Pa ...)
+	TODO: check
+CVE-2024-6547 (The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disc ...)
+	TODO: check
+CVE-2024-6546 (The One Click Close Comments plugin for WordPress is vulnerable to Ful ...)
+	TODO: check
+CVE-2024-6545 (The Admin Trim Interface plugin for WordPress is vulnerable to Full Pa ...)
+	TODO: check
+CVE-2024-6431 (The Media.net Ads Manager plugin for WordPress is vulnerable to arbitr ...)
+	TODO: check
+CVE-2024-6152 (The Flipbox Builder plugin for WordPress is vulnerable to PHP Object I ...)
+	TODO: check
+CVE-2024-5969 (The AIomatic - Automatic AI Content Writer for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-4410 (The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2024-42029 (xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyp ...)
+	TODO: check
+CVE-2024-41815 (Starship is a cross-shell prompt. Starting in version 1.0.0 and prior  ...)
+	TODO: check
+CVE-2024-41628 (Directory Traversal vulnerability in Severalnines Cluster Control 1.9. ...)
+	TODO: check
+CVE-2024-41120 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41119 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41118 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41117 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41116 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41115 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-41114 (streamlit-geospatial is a streamlit multipage app for geospatial appli ...)
+	TODO: check
+CVE-2024-40433 (Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows a ...)
+	TODO: check
+CVE-2024-37034 (An issue was discovered in Couchbase Server before 7.2.5 and 7.6.0 bef ...)
+	TODO: check
+CVE-2024-1804 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-1798 (The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable ...)
+	TODO: check
 CVE-2024-7128 (A flaw was found in the Openshift console. Several endpoints in the ap ...)
 	NOT-FOR-US: Openshift
 CVE-2024-7062 (Nimble Commander suffers from a privilege escalation vulnerability due ...)
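Review bot: The descriptions for CVE-2024-6661, CVE-2024-1804 and CVE-2024-1798 contain the literal escape sequence \u2013 instead of the dash it stands for, which suggests the import step writes the upstream text without decoding it. Decoding the escape before the description is truncated would keep these lines readable and searchable. All 28 added entries are still marked TODO: check, so each needs a triage decision. The WordPress plugin entries look like candidates for the same NOT-FOR-US tagging used on the unchanged entries below them.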
@@ -375,7 +431,7 @@ CVE-2024-33519 (A vulnerability in the web-based management interface of HPE Aru
 	NOT-FOR-US: HPE Aruba Networking EdgeConnect SD-WAN gateway
 CVE-2024-31977 (Adtran 834-5 11.1.0.101-202106231430, and fixed as of SmartOS Version  ...)
 	NOT-FOR-US: Adtran 834-5
-CVE-2024-31971 (Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran N ...)
+CVE-2024-31971 (**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XS ...)
 	NOT-FOR-US: AdTran NetVanta 3120 devices
 CVE-2024-31970 (AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixe ...)
 	NOT-FOR-US: Adtran 834-5 devices
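Review bot: On the changed CVE-2024-31971 line, the new **UNSUPPORTED WHEN ASSIGNED** prefix uses up most of the truncated description, which now ends at "(XS ..." and no longer names the affected device. The NOT-FOR-US note underneath still identifies the product, so the triage result is unaffected, but anyone searching the list by description text will miss this entry. Separately, the notes in this region spell the vendor both "AdTran" and "Adtran"; one spelling would make vendor-wide searches reliable.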
@@ -38639,7 +38695,7 @@ CVE-2024-28131 (EasyRange Ver 1.41 contains an issue with the executable file se
 	NOT-FOR-US: EasyRange
 CVE-2024-28126 (Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00.  ...)
 	NOT-FOR-US: 0ch BBS Script
-CVE-2024-28093 (The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is en ...)
+CVE-2024-28093 (**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 31 ...)
 	NOT-FOR-US: AdTran NetVanta devices
 CVE-2024-28048 (OS command injection vulnerability exists in ffBull ver.4.11, which ma ...)
 	NOT-FOR-US: ffBull
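Review bot: The NOT-FOR-US note for CVE-2024-28093 reads "AdTran NetVanta devices", while the note for CVE-2024-31971 in the previous hunk reads "AdTran NetVanta 3120 devices" for what the descriptions present as the same product. With the new prefix the description is now cut at "NetVanta 31", so the note is the only place the model can be read in full. Aligning the note to "AdTran NetVanta 3120 devices" would keep the two entries consistent.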



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0d770c4e0d6e5b59b3aa91ee05f49862915ce40
