[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 12 09:12:41 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
702c090a by security tracker role at 2024-06-12T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,74 +1,134 @@
+CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for Word ...)
+ TODO: check
+CVE-2024-5873
+ REJECTED
+CVE-2024-5783
+ REJECTED
+CVE-2024-5782
+ REJECTED
+CVE-2024-5781
+ REJECTED
+CVE-2024-5780
+ REJECTED
+CVE-2024-5779
+ REJECTED
+CVE-2024-5778
+ REJECTED
+CVE-2024-5777
+ REJECTED
+CVE-2024-5776
+ REJECTED
+CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a Univer ...)
+ TODO: check
+CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-5553 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5543 (The Slideshow Gallery LITE plugin for WordPress is vulnerable to time- ...)
+ TODO: check
+CVE-2024-4924 (The Social Sharing Plugin WordPress plugin before 3.3.63 does not san ...)
+ TODO: check
+CVE-2024-4892 (The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2024-4669 (The Events Addon for Elementor plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2024-4564 (The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Chec ...)
+ TODO: check
+CVE-2024-4315 (parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI ...)
+ TODO: check
+CVE-2024-3925 (The Element Pack Elementor Addons (Header Footer, Template Library, Dy ...)
+ TODO: check
+CVE-2024-3559 (The Custom Field Suite plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-36856 (RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Servic ...)
+ TODO: check
+CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x ...)
+ TODO: check
+CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlie ...)
+ TODO: check
+CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external processes ...)
+ TODO: check
+CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as well as ...)
+ TODO: check
+CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write vulnerability. A loca ...)
+ TODO: check
+CVE-2024-28877 (MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow ...)
+ TODO: check
+CVE-2024-0427 (The ARForms - Premium WordPress Form Builder Plugin WordPress plugin b ...)
+ TODO: check
+CVE-2024-0160 (Dell Client Platform contains an incorrect authorization vulnerability ...)
+ TODO: check
CVE-2024-25131
NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource (CRD)
-CVE-2024-5847
+CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5846
+CVE-2024-5846 (Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allow ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5845
+CVE-2024-5845 (Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowe ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5844
+CVE-2024-5844 (Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5843
+CVE-2024-5843 (Inappropriate implementation in Downloads in Google Chrome prior to 12 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5842
+CVE-2024-5842 (Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5841
+CVE-2024-5841 (Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5840
+CVE-2024-5840 (Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5839
+CVE-2024-5839 (Inappropriate Implementation in Memory Allocator in Google Chrome prio ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5838
+CVE-2024-5838 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5837
+CVE-2024-5837 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5836
+CVE-2024-5836 (Inappropriate Implementation in DevTools in Google Chrome prior to 126 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5835
+CVE-2024-5835 (Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.647 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5834
+CVE-2024-5834 (Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6 ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5833
+CVE-2024-5833 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5832
+CVE-2024-5832 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5831
+CVE-2024-5831 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5830
+CVE-2024-5830 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -639,7 +699,7 @@ CVE-2024-5203
CVE-2024-3183
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
-CVE-2024-2698
+CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial implementation ...)
- freeipa <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v ...)
@@ -24203,7 +24263,7 @@ CVE-2024-27705 (Cross Site Scripting vulnerability in Leantime v3.0.6 allows att
NOT-FOR-US: Leantime
CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
NOT-FOR-US: WRC-X3200GST3-B
-CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlie ...)
+CVE-2024-25568 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17. ...)
NOT-FOR-US: Advanced REST Client
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/702c090a5e17b9b87ed1ee8bb55cf701eb95032d
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/702c090a5e17b9b87ed1ee8bb55cf701eb95032d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240612/3b21dfb3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list