[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 15 09:12:18 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd611beb by security tracker role at 2024-06-15T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP Network B ...)
+	TODO: check
+CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-5871 (The WooCommerce - Social Login plugin for WordPress is vulnerable to P ...)
+	TODO: check
+CVE-2024-5868 (The WooCommerce - Social Login plugin for WordPress is vulnerable to E ...)
+	TODO: check
+CVE-2024-5263 (The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-4479 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-3815 (The Newspaper theme for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2024-3814 (The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-3813 (The tagDiv Composer plugin for WordPress is vulnerable to Local File I ...)
+	TODO: check
+CVE-2024-30120 (HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in ...)
+	TODO: check
+CVE-2024-30119 (HCL DRYiCE Optibot Reset Stationis impacted by a missing Strict Transp ...)
+	TODO: check
+CVE-2024-2875
+	REJECTED
+CVE-2024-2544 (The Popup Builder plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2024-21988 (StorageGRID (formerly StorageGRID Webscale) versions prior to  11.7.0. ...)
+	TODO: check
+CVE-2024-1399 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservati ...)
+	TODO: check
+CVE-2023-6696 (The Popup Builder \u2013 Create highly converting, mobile friendly mar ...)
+	TODO: check
 CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a link wi ...)
 	NOT-FOR-US: Soar Cloud HR Portal
 CVE-2024-5934
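Review bot: all of the entries added at the top of data/CVE/list are left at `TODO: check` (CVE-2024-2875 is the exception, marked `REJECTED`), and nine of them name a WordPress plugin or theme in the description (CVE-2024-6000, CVE-2024-5871, CVE-2024-5868, CVE-2024-5263, CVE-2024-4479, CVE-2024-3815, CVE-2024-3814, CVE-2024-3813, CVE-2024-2544). Later hunks of this same diff show that class triaged as `NOT-FOR-US: WordPress plugin`, so those nine can be closed the same way in the follow-up triage pass. Separately, the descriptions for CVE-2024-1399 and CVE-2023-6696 carry a literal `\u2013` escape where a dash character belongs, which suggests the import step is not decoding the source text before writing it out.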
@@ -3853,6 +3885,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is vulnerable to SQL Inject
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare Uploadca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
+	{DLA-3827-1}
 	- plasma-workspace 4:5.27.11.1-1
 	NOTE: https://kde.org/info/security/advisory-20240531-1.txt
 	NOTE: Fixed by: https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
@@ -37670,7 +37703,7 @@ CVE-2024-23136 (A maliciously crafted STP file in ASMKERN228A.dll when parsed th
 	NOT-FOR-US: Autodesk
 CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed throu ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through Autodesk ...)
+CVE-2024-23134 (A maliciously crafted IGS or IGES file in tbb.dll when parsed through  ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed through ...)
 	NOT-FOR-US: Autodesk
@@ -37696,9 +37729,9 @@ CVE-2024-23123 (A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.
 	NOT-FOR-US: Autodesk
 CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed through Au ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23121 (A maliciously crafted MODEL file in libodxdll.dll when parsed through  ...)
+CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll through  ...)
 	NOT-FOR-US: Autodesk
-CVE-2024-23120 (A maliciously crafted STP file in ASMIMPORT228A.dll when parsed throug ...)
+CVE-2024-23120 (A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.d ...)
 	NOT-FOR-US: Autodesk
 CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
@@ -43420,7 +43453,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 2.3.5SK.30084998 and prior are v
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, w ...)
 	NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the MATE deskt ...)
-	{DSA-5688-1}
+	{DSA-5688-1 DLA-3828-1}
 	- atril 1.26.2-1 (bug #1061522)
 	NOTE: https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
 	NOTE: https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
@@ -49388,6 +49421,7 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C
 	NOTE: https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
 	NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
 CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configuration ...)
+	{DLA-3829-1}
 	- sendmail 8.18.1-1 (bug #1059386)
 	[bookworm] - sendmail <no-dsa> (Minor issue)
 	[bullseye] - sendmail <no-dsa> (Minor issue)
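Review bot: the `{DLA-3829-1}` cross-reference on CVE-2023-51765 sits above release lines that, as far as the three context lines show, are both `<no-dsa> (Minor issue)` for bookworm and bullseye, so the release the DLA applies to is not visible in this hunk. It is worth confirming that the entry has a matching release annotation below the shown context, so the `<no-dsa>` lines are not read as covering the release the advisory fixed. The same check applies to the `{DLA-3827-1}` addition on CVE-2024-36041, where only the `plasma-workspace 4:5.27.11.1-1` line is visible.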



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd611beb22267f29e5502b4dd49720f92a0732f9
