[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 26 09:12:13 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eef40b59 by security tracker role at 2024-06-26T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6060 (An information disclosure vulnerability in Phloc Webscopes 7.0.0 allow ...)
+	TODO: check
+CVE-2024-5573 (The Easy Table of Contents WordPress plugin before 2.0.66 does not san ...)
+	TODO: check
+CVE-2024-5473 (The Simple Photoswipe WordPress plugin through 0.1 does not sanitise a ...)
+	TODO: check
+CVE-2024-5460 (A vulnerability in the default configuration of the Simple Network  Ma ...)
+	TODO: check
+CVE-2024-5332 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-5215 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
+	TODO: check
+CVE-2024-5199 (The Spotify Play Button WordPress plugin through 1.0 does not validate ...)
+	TODO: check
+CVE-2024-5181 (A command injection vulnerability exists in the mudler/localai version ...)
+	TODO: check
+CVE-2024-5173 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
+	TODO: check
+CVE-2024-5169 (The Video Widget WordPress plugin through 1.2.3 does not sanitise and  ...)
+	TODO: check
+CVE-2024-5071 (The Bookster  WordPress plugin through 1.1.0 allows adding sensitive p ...)
+	TODO: check
+CVE-2024-5019 (In WhatsUp Gold versions released before 2023.1.3,  an unauthenticated ...)
+	TODO: check
+CVE-2024-5018 (In WhatsUp Gold versions released before 2023.1.3, an unauthenticated  ...)
+	TODO: check
+CVE-2024-5017 (In WhatsUp Gold versions released before 2023.1.3, a path traversal vu ...)
+	TODO: check
+CVE-2024-5016 (In WhatsUp Gold versions released before 2023.1.3, Distributed Edition ...)
+	TODO: check
+CVE-2024-5015 (In WhatsUp Gold versions released before 2023.1.3,an authenticated SSR ...)
+	TODO: check
+CVE-2024-5014 (In WhatsUp Gold versions released before 2023.1.3, a Server Side Reque ...)
+	TODO: check
+CVE-2024-5013 (In WhatsUp Gold versions released before 2023.1.3,an unauthenticated D ...)
+	TODO: check
+CVE-2024-5012 (In WhatsUp Gold versions released before 2023.1.3, there is amissing a ...)
+	TODO: check
+CVE-2024-4959 (The Frontend Checklist WordPress plugin through 2.3.2 does not sanitis ...)
+	TODO: check
+CVE-2024-4957 (The Frontend Checklist WordPress plugin through 2.3.2 does not sanitis ...)
+	TODO: check
+CVE-2024-4869 (The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPre ...)
+	TODO: check
+CVE-2024-4758 (The Muslim Prayer Time BD WordPress plugin through 2.4 does not have C ...)
+	TODO: check
+CVE-2024-4106 (A vulnerability has been found in FAST/TOOLS and CI Server. The affect ...)
+	TODO: check
+CVE-2024-4105 (A vulnerability has been found in FAST/TOOLS and CI Server. The affect ...)
+	TODO: check
+CVE-2024-3633 (The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitis ...)
+	TODO: check
+CVE-2024-38526 (pdoc provides API Documentation for Python Projects. Documentation gen ...)
+	TODO: check
+CVE-2024-38516 (ai-client-html is an Aimeos e-commerce HTML client component. Debug in ...)
+	TODO: check
+CVE-2024-38364 (DSpace is an open source software is a turnkey repository application  ...)
+	TODO: check
+CVE-2024-37855 (An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hard ...)
+	TODO: check
+CVE-2024-37843 (Craft CMS up to v3.7.31 was discovered to contain a SQL injection vuln ...)
+	TODO: check
+CVE-2024-37742 (An issue in Safe Exam Browser for Windows before 3.6 allows an attacke ...)
+	TODO: check
+CVE-2024-37141 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-37140 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-37139 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-37138 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-36802
+	REJECTED
+CVE-2024-35527 (An arbitrary file upload vulnerability in /fileupload/upload.cfm in Da ...)
+	TODO: check
+CVE-2024-35526 (An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 all ...)
+	TODO: check
+CVE-2024-34581 (The W3C XML Signature Syntax and Processing (XMLDsig) specification, s ...)
+	TODO: check
+CVE-2024-34580 (Apache XML Security for C++ through 2.0.4 implements the XML Signature ...)
+	TODO: check
+CVE-2024-34400 (An issue was discovered in VirtoSoftware Virto Kanban Board Web Part b ...)
+	TODO: check
+CVE-2024-30931 (Stored Cross Site Scripting vulnerability in Emby Media Server Emby Me ...)
+	TODO: check
+CVE-2024-30112 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
+	TODO: check
+CVE-2024-29954 (A vulnerability in a password management API in Brocade Fabric OS vers ...)
+	TODO: check
+CVE-2024-29953 (A vulnerability in the web interface in Brocade Fabric OS before v9.2. ...)
+	TODO: check
+CVE-2024-29177 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-29176 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-29175 (Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.4 ...)
+	TODO: check
+CVE-2024-29174 (Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1 ...)
+	TODO: check
+CVE-2024-29173 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-28973 (Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1. ...)
+	TODO: check
+CVE-2024-28830 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
+	TODO: check
+CVE-2024-27867 (An authentication issue was addressed with improved state management.  ...)
+	TODO: check
+CVE-2024-24764 (October is a self-hosted CMS platform based on the Laravel PHP Framewo ...)
+	TODO: check
+CVE-2024-21741 (GigaDevice GD32E103C8T6 devices have Incorrect Access Control.)
+	TODO: check
+CVE-2024-21740 (Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Con ...)
+	TODO: check
+CVE-2024-21739 (Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 d ...)
+	TODO: check
+CVE-2024-21520 (Versions of the package djangorestframework before 3.15.2 are vulnerab ...)
+	TODO: check
 CVE-2024-6308 (A vulnerability was found in itsourcecode Simple Online Hotel Reservat ...)
 	NOT-FOR-US: itsourcecode Simple Online Hotel Reservation System
 CVE-2024-6307 (WordPress Core is vulnerable to Stored Cross-Site Scripting via the HT ...)
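
Review bot: every entry added at the top of data/CVE/list lands as "TODO: check", and a few of them name library or server software rather than third-party web plugins or appliances (CVE-2024-21520 djangorestframework, CVE-2024-34580 Apache XML Security for C++, CVE-2024-38526 pdoc), so those should be triaged first and given either a package line or an explicit NOT-FOR-US, in the style of the CVE-2024-6308 entry below them. Separately, the descriptions of CVE-2024-5215 and CVE-2024-5173 contain a literal "\u2013", which suggests the description import is not decoding Unicode escapes from the feed. CVE-2024-36802 arrives already REJECTED and needs no follow-up.
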
@@ -354,18 +472,22 @@ CVE-2023-45196 (Adminer and AdminerEvo allow an unauthenticated remote attacker
 CVE-2023-45195 (Adminer and AdminerEvo are vulnerable to SSRF via database connection  ...)
 	TODO: check
 CVE-2024-6293 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
+	{DSA-5720-1}
 	- chromium 126.0.6478.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6292 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
+	{DSA-5720-1}
 	- chromium 126.0.6478.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6291 (Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 ...)
+	{DSA-5720-1}
 	- chromium 126.0.6478.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-6290 (Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowe ...)
+	{DSA-5720-1}
 	- chromium 126.0.6478.126-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
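
Review bot: the {DSA-5720-1} tag is added to CVE-2024-6290 through CVE-2024-6293, but the only version information visible under each entry is the unstable fix (chromium 126.0.6478.126-1) and the end-of-life notes for bullseye and buster. Please confirm that the corresponding DSA record carries the fixed version for the suite the advisory covers, since nothing in these entries states it. The context line above the hunk also shows CVE-2023-45195 (Adminer and AdminerEvo) still at "TODO: check", which this update leaves untouched.
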
@@ -6072,9 +6194,9 @@ CVE-2023-6734
 	REJECTED
 CVE-2023-50804 (An issue was discovered in Samsung Mobile Processor, and Modem Exynos  ...)
 	NOT-FOR-US: Samsung
-CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+CVE-2023-50803 (An issue was discovered in Samsung Mobile Processor, and Modem Exynos  ...)
 	NOT-FOR-US: Samsung
-CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, Automotive Proces ...)
+CVE-2023-49928 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	NOT-FOR-US: Samsung
 CVE-2023-49927 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
 	NOT-FOR-US: Samsung
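
Review bot: after the description refresh, CVE-2023-50803 shows the same truncated text as CVE-2023-50804, and CVE-2023-49928 the same as CVE-2023-49927, so these pairs can no longer be told apart from the list alone. The NOT-FOR-US: Samsung verdict is keyed to the vendor and stays valid, so no triage change is needed, but anyone comparing the entries has to read the full CVE records.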



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eef40b590a6855780e4cf54972c3b5b7527d41e8
