[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 9 21:12:17 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb24258b by security tracker role at 2024-06-09T20:11:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,194 @@
-CVE-2024-37535
+CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.h ...)
+	TODO: check
+CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x throug ...)
+	TODO: check
+CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...)
+	TODO: check
+CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.T ...)
+	TODO: check
+CVE-2024-35669 (Missing Authorization vulnerability in Bowo Debug Log Manager.This iss ...)
+	TODO: check
+CVE-2024-35662 (Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fe ...)
+	TODO: check
+CVE-2024-35661 (Missing Authorization vulnerability in SoftLab Upload Fields for WPFor ...)
+	TODO: check
+CVE-2024-35660 (Missing Authorization vulnerability in Jewel Theme Master Addons for E ...)
+	TODO: check
+CVE-2024-34802 (Missing Authorization vulnerability in AdFoxly AdFoxly \u2013 Ad Manag ...)
+	TODO: check
+CVE-2024-34435 (Missing Authorization vulnerability in CodeRevolution Aiomatic.This is ...)
+	TODO: check
+CVE-2024-33572 (Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Bl ...)
+	TODO: check
+CVE-2024-33565 (Missing Authorization vulnerability in UkrSolution Barcode Scanner wit ...)
+	TODO: check
+CVE-2024-33564 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...)
+	TODO: check
+CVE-2024-33563 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...)
+	TODO: check
+CVE-2024-33561 (Missing Authorization vulnerability in 8theme XStore.This issue affect ...)
+	TODO: check
+CVE-2024-33555 (Missing Authorization vulnerability in 8theme XStore Core.This issue a ...)
+	TODO: check
+CVE-2024-33547 (Missing Authorization vulnerability in AA-Team WZone.This issue affect ...)
+	TODO: check
+CVE-2024-33545 (Missing Authorization vulnerability in AA-Team WZone.This issue affect ...)
+	TODO: check
+CVE-2024-33543 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...)
+	TODO: check
+CVE-2024-32824 (Missing Authorization vulnerability in Evergreen Content Poster.This i ...)
+	TODO: check
+CVE-2024-32821 (Missing Authorization vulnerability in TotalSuite Total Poll Lite.This ...)
+	TODO: check
+CVE-2024-32820 (Missing Authorization vulnerability in Social Share Pro Social Share I ...)
+	TODO: check
+CVE-2024-32818 (Missing Authorization vulnerability in realmag777 WordPress Meta Data  ...)
+	TODO: check
+CVE-2024-32814 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
+	TODO: check
+CVE-2024-32813 (Missing Authorization vulnerability in SoftLab Integrate Google Drive. ...)
+	TODO: check
+CVE-2024-32811 (Insertion of Sensitive Information into Log File vulnerability in Octo ...)
+	TODO: check
+CVE-2024-32805 (Missing Authorization vulnerability in Social Snap.This issue affects  ...)
+	TODO: check
+CVE-2024-32804 (Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.Th ...)
+	TODO: check
+CVE-2024-32799 (Missing Authorization vulnerability in Merv Barrett Easy Property List ...)
+	TODO: check
+CVE-2024-32798 (Missing Authorization vulnerability in WP Travel Engine.This issue aff ...)
+	TODO: check
+CVE-2024-32797 (Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto  ...)
+	TODO: check
+CVE-2024-32792 (Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue ...)
+	TODO: check
+CVE-2024-32787 (Missing Authorization vulnerability in Copy Content Protection Team Se ...)
+	TODO: check
+CVE-2024-32784 (Missing Authorization vulnerability in CookieHub.This issue affects Co ...)
+	TODO: check
+CVE-2024-32783 (Missing Authorization vulnerability in wpcreativeidea Advanced Testimo ...)
+	TODO: check
+CVE-2024-32779 (Missing Authorization vulnerability in Avirtum Vision Interactive.This ...)
+	TODO: check
+CVE-2024-32778 (Missing Authorization vulnerability in Contest Gallery.This issue affe ...)
+	TODO: check
+CVE-2024-32777 (Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Br ...)
+	TODO: check
+CVE-2024-32727 (Missing Authorization vulnerability in Rometheme RomethemeForm For Ele ...)
+	TODO: check
+CVE-2024-32725 (Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funn ...)
+	TODO: check
+CVE-2024-32715 (Missing Authorization vulnerability in Olive Themes Olive One Click De ...)
+	TODO: check
+CVE-2024-32714 (Missing Authorization vulnerability in Academy LMS academy.This issue  ...)
+	TODO: check
+CVE-2024-32713 (Missing Authorization vulnerability in AutoWriter AI Post Generator |  ...)
+	TODO: check
+CVE-2024-32705 (Missing Authorization vulnerability in reputeinfosystems ARForms.This  ...)
+	TODO: check
+CVE-2024-32704 (Missing Authorization vulnerability in reputeinfosystems ARForms.This  ...)
+	TODO: check
+CVE-2024-32703 (Missing Authorization vulnerability in reputeinfosystems ARForms.This  ...)
+	TODO: check
+CVE-2024-32701 (Missing Authorization vulnerability in InstaWP Team InstaWP Connect.Th ...)
+	TODO: check
+CVE-2024-32081 (Missing Authorization vulnerability in Websupporter Filter Custom Fiel ...)
+	TODO: check
+CVE-2024-31423 (Missing Authorization vulnerability in Alex Volkov WP Accessibility He ...)
+	TODO: check
+CVE-2024-31359 (Missing Authorization vulnerability in Premmerce Premmerce Product Fil ...)
+	TODO: check
+CVE-2024-31352 (Missing Authorization vulnerability in Email Subscribers & Newsletters ...)
+	TODO: check
+CVE-2024-31350 (Missing Authorization vulnerability in AWP Classifieds Team AWP Classi ...)
+	TODO: check
+CVE-2024-31347 (Missing Authorization vulnerability in Data443 Tracking Code Manager.T ...)
+	TODO: check
+CVE-2024-31307 (Missing Authorization vulnerability in appscreo Easy Social Share Butt ...)
+	TODO: check
+CVE-2024-31304 (Missing Authorization vulnerability in MultiVendorX WC Marketplace.Thi ...)
+	TODO: check
+CVE-2024-31294 (Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.Thi ...)
+	TODO: check
+CVE-2024-31284 (Missing Authorization vulnerability in WPDeveloper EmbedPress.This iss ...)
+	TODO: check
+CVE-2024-31283 (Missing Authorization vulnerability in zorem Advanced Local Pickup for ...)
+	TODO: check
+CVE-2024-31276 (Missing Authorization vulnerability in WPFactory Products, Order & Cus ...)
+	TODO: check
+CVE-2024-31275 (Missing Authorization vulnerability in Metagauss EventPrime.This issue ...)
+	TODO: check
+CVE-2024-31274 (Missing Authorization vulnerability in WPDeveloper EmbedPress.This iss ...)
+	TODO: check
+CVE-2024-31273 (Missing Authorization vulnerability in JS Help Desk JS Help Desk \u201 ...)
+	TODO: check
+CVE-2024-31267 (Missing Authorization vulnerability in WP Desk Flexible Checkout Field ...)
+	TODO: check
+CVE-2024-31261 (Missing Authorization vulnerability in Aakash Chakravarthy Announcer \ ...)
+	TODO: check
+CVE-2024-31252 (Missing Authorization vulnerability in dFactory Responsive Lightbox.Th ...)
+	TODO: check
+CVE-2024-31248 (Missing Authorization vulnerability in Team Plugins360 All-in-One Vide ...)
+	TODO: check
+CVE-2024-31246 (Missing Authorization vulnerability in Post Grid Team by WPXPO PostX \ ...)
+	TODO: check
+CVE-2024-31244 (Missing Authorization vulnerability in Bricksforge.This issue affects  ...)
+	TODO: check
+CVE-2024-31243 (Missing Authorization vulnerability in Bricksforge.This issue affects  ...)
+	TODO: check
+CVE-2024-31098 (Missing Authorization vulnerability in Mr.Ebabi New Order Notification ...)
+	TODO: check
+CVE-2024-30544 (Missing Authorization vulnerability in UPQODE Whizzy.This issue affect ...)
+	TODO: check
+CVE-2024-30539 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+	TODO: check
+CVE-2024-30538 (Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This i ...)
+	TODO: check
+CVE-2024-30537 (Missing Authorization vulnerability in WPClever WPC Badge Management f ...)
+	TODO: check
+CVE-2024-30534 (Missing Authorization vulnerability in typps Calendarista Basic Editio ...)
+	TODO: check
+CVE-2024-30529 (Missing Authorization vulnerability in Tainacan.Org Tainacan.This issu ...)
+	TODO: check
+CVE-2024-30517 (Missing Authorization vulnerability in Sliced Invoices.This issue affe ...)
+	TODO: check
+CVE-2024-30515 (Missing Authorization vulnerability in Pixelite Events Manager.This is ...)
+	TODO: check
+CVE-2024-30512 (Missing Authorization vulnerability in weForms.This issue affects weFo ...)
+	TODO: check
+CVE-2024-30485 (Missing Authorization vulnerability in XLPlugins Finale Lite.This issu ...)
+	TODO: check
+CVE-2024-30481 (Broken Access Control vulnerability in Samuel Marshall JCH Optimize.Th ...)
+	TODO: check
+CVE-2024-30470 (Missing Authorization vulnerability in YITH YITH WooCommerce Account F ...)
+	TODO: check
+CVE-2024-30467 (Missing Authorization vulnerability in WPDeveloper Essential Blocks fo ...)
+	TODO: check
+CVE-2024-30466 (Missing Authorization vulnerability in OnTheGoSystems WooCommerce Mult ...)
+	TODO: check
+CVE-2024-30465 (Missing Authorization vulnerability in Pagelayer Team PageLayer.This i ...)
+	TODO: check
+CVE-2024-30464 (Missing Authorization vulnerability in WPZOOM Social Icons Widget & Bl ...)
+	TODO: check
+CVE-2024-2408 (The openssl_private_decrypt function in PHP, when using PKCS1 padding  ...)
+	TODO: check
+CVE-2024-25929 (Missing Authorization vulnerability in MultiVendorX Product Catalog En ...)
+	TODO: check
+CVE-2024-25092 (Missing Authorization vulnerability in XLPlugins NextMove Lite.This is ...)
+	TODO: check
+CVE-2024-24716 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+	TODO: check
+CVE-2023-52232 (Missing Authorization vulnerability in Pluggabl LLC Booster Plus for W ...)
+	TODO: check
+CVE-2023-52230 (Missing Authorization vulnerability in Pluggabl LLC Booster Plus for W ...)
+	TODO: check
+CVE-2023-51494 (Missing Authorization vulnerability in Woo WooCommerce Product Vendors ...)
+	TODO: check
+CVE-2023-45188 (IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could ...)
+	TODO: check
+CVE-2023-34003 (Missing Authorization vulnerability in Woo WooCommerce Box Office.This ...)
+	TODO: check
+CVE-2024-37535 (GNOME VTE before 0.76.3 allows an attacker to cause a denial of servic ...)
 	- vte <unfixed>
 	[bookworm] - vte <no-dsa> (Minor issue)
 	[bullseye] - vte <no-dsa> (Minor issue)
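Review bot: In the added block, CVE-2024-37568 (lepture Authlib before 1.3.1, algorithm confusion) and CVE-2024-2408 (PHP openssl_private_decrypt with PKCS1 padding) carry the same generic "TODO: check" as every other new entry and are easy to lose among them. Suggest triaging those two first and replacing "TODO: check" with a source package line and status, since this file already tracks php8.2 with package lines further down. The many "Missing Authorization vulnerability in ..." entries can then be resolved as a batch once each product is identified, in the same way neighbouring records use "NOT-FOR-US: WordPress plugin". Separately, the descriptions for CVE-2024-34802 and CVE-2024-31273 contain literal \u2013-style escape text rather than the decoded character; that looks like an encoding problem in the import step.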
@@ -20220,21 +20410,21 @@ CVE-2023-44853 (\An issue was discovered in Cobham SAILOR VSAT Ku v.164B019, all
 	NOT-FOR-US: Cobham SAILOR VSAT Ku
 CVE-2023-44852 (Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.16 ...)
 	NOT-FOR-US: Cobham SAILOR VSAT Ku
-CVE-2024-5585 [Bypass of CVE-2024-1874]
+CVE-2024-5585 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before  ...)
 	- php8.2 <not-affected> (Windows-specific)
 	- php7.4 <not-affected> (Windows-specific)
 	- php7.3 <not-affected> (Windows-specific)
 	NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
 	NOTE: https://github.com/php/php-src/commit/4b15f5d4ec750b31ec8911f5eb0915a45f96feca
-CVE-2024-5458 [Filter bypass in filter_var FILTER_VALIDATE_URL]
+CVE-2024-5458 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before  ...)
 	- php8.2 <unfixed> (bug #1072885)
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
 	NOTE: https://github.com/php/php-src/commit/7e0e3cc820c493301409a0ce2b6ef95e0ab06b0c
-CVE-2024-4577 [Bypass of CVE-2012-1823, Argument Injection in PHP-CGI]
+CVE-2024-4577 (In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before  ...)
 	- php8.2 <unfixed> (bug #1072885)
 	- php7.4 <removed>
 	- php7.3 <removed>
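Review bot: Replacing the bracketed titles on CVE-2024-5585, CVE-2024-5458 and CVE-2024-4577 leaves three header lines whose visible text is identical ("In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ..."), so the list no longer says which issue is which without following the advisory links. Suggest preserving the removed titles as NOTE lines under each entry, for example "NOTE: Bypass of CVE-2024-1874", "NOTE: Filter bypass in filter_var FILTER_VALIDATE_URL" and "NOTE: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI", so that someone triaging the php8.2 <unfixed> entries against bug #1072885 can tell them apart in place.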
@@ -82008,8 +82198,8 @@ CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidt
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag@mail.gmail.com/
 	NOTE: CONFIG_DVB_VIDTV (vidtv driver) not enabled in Debian official configuration
-CVE-2023-31080
-	RESERVED
+CVE-2023-31080 (Missing Authorization vulnerability in Unlimited Elements Unlimited El ...)
+	TODO: check
 CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher  ...)
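Review bot: CVE-2023-31080 moves from RESERVED to "TODO: check" with a description truncated at "Unlimited Elements Unlimited El ...", which is not enough to identify the product from the list alone. Suggest resolving the TODO in a follow-up with either a package line or a NOT-FOR-US line naming the product, as the adjacent CVE-2023-31079 entry does with "NOT-FOR-US: WordPress plugin", so the entry does not stay in the unreviewed queue.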
@@ -104896,10 +105086,10 @@ CVE-2023-23642
 	RESERVED
 CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23640
-	RESERVED
-CVE-2023-23639
-	RESERVED
+CVE-2023-23640 (Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Exten ...)
+	TODO: check
+CVE-2023-23639 (Missing Authorization vulnerability in MainWP MainWP Staging Extension ...)
+	TODO: check
 CVE-2023-23638 (A deserialization vulnerability existed when dubbo generic invoke, whi ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an  ...)
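Review bot: CVE-2023-23640 and CVE-2023-23639 both name the same vendor (MainWP UpdraftPlus Extension, MainWP Staging Extension) but each gets its own "TODO: check", so they will show up as two separate open items. Suggest triaging them together and giving both the same disposition line; the preceding CVE-2023-23641 entry in the context shows the form used here ("NOT-FOR-US: WordPress plugin") if that classification is confirmed for these two.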



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb24258b7e5953d9537a5e46e985b465c9cc3dbb

More information about the debian-security-tracker-commits mailing list