[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 29 09:12:39 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9d74556 by security tracker role at 2024-06-29T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable to Cros ...)
+	TODO: check
+CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2024-6265 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
+	TODO: check
+CVE-2024-5942 (The Page and Post Clone plugin for WordPress is vulnerable to Insecure ...)
+	TODO: check
+CVE-2024-5889 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+	TODO: check
+CVE-2024-5790 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-5666 (The Extensions for Elementor plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2024-5598 (The Advanced File Manager plugin for WordPress is vulnerable to Sensit ...)
+	TODO: check
+CVE-2024-5192 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooComm ...)
+	TODO: check
+CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modifi ...)
+	TODO: check
+CVE-2024-39307 (Kavita is a cross platform reading server. Opening an ebook with malic ...)
+	TODO: check
+CVE-2024-39302 (BigBlueButton is an open-source virtual classroom designed to help tea ...)
+	TODO: check
+CVE-2024-38533 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scal ...)
+	TODO: check
+CVE-2024-38532 (The NXP Data Co-Processor (DCP) is a built-in hardware module for spec ...)
+	TODO: check
+CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When the libr ...)
+	TODO: check
+CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to help tea ...)
+	TODO: check
+CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...)
+	TODO: check
 CVE-2024-6403 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: Tenda
 CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 15.13.0 ...)
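
Review bot: The added descriptions for CVE-2024-6265, CVE-2024-5889 and CVE-2024-5192 contain the literal escape sequence `\u2013` where a dash belongs, so the feed text was written into the list without being decoded. Decode the escape (or normalise it to an ASCII `-`) in the import step so that text searches over descriptions match. All 17 new entries are also left at `TODO: check`, and the two BigBlueButton entries (CVE-2024-39302 and CVE-2024-38518) have identical truncated descriptions, so triage will have to tell them apart from the full advisories rather than from this file.
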
@@ -313,7 +347,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, anonymous-tip-line-as-a-ser
 	NOT-FOR-US: Hush Line
 CVE-2024-38515
 	REJECTED
-CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
+CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path vulnera ...)
 	NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
 	NOT-FOR-US: IBM
@@ -358,10 +392,10 @@ CVE-2023-38370 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, un
 	NOT-FOR-US: IBM
 CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could dis ...)
 	NOT-FOR-US: IBM
-CVE-2024-37371
+CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause inva ...)
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
-CVE-2024-37370
+CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the ...)
 	- krb5 1.21.3-1
 	NOTE: https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef (krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function SSL_select_next_proto  ...)
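
Review bot: CVE-2024-37371 and CVE-2024-37370 now have different descriptions ("cause inva ..." versus "modify the ...") but still share the same `NOTE:` commit link and carry only the `- krb5 1.21.3-1` line, with no `[bookworm]` or `[bullseye]` status lines like those on the tpm2-tss entry later in this diff. Suggest recording the per-release status for krb5 and, if the referenced commit addresses the two issues in separate places, stating in each NOTE which part applies to which CVE.
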
@@ -1256,7 +1290,7 @@ CVE-2024-6268 (A vulnerability, which was classified as critical, has been found
 CVE-2024-4841 (A Path Traversal vulnerability exists in the parisneo/lollms-webui, sp ...)
 	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a % ...)
-	{DSA-5719-1 DSA-5718-1}
+	{DSA-5719-1 DSA-5718-1 DLA-3849-1 DLA-3848-1}
 	- emacs 1:29.4+1-1 (bug #1074137)
 	- org-mode 9.7.5+dfsg-1 (bug #1074136)
 	[bookworm] - org-mode <ignored> (Produces only a dependency binary package)
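
Review bot: The cross-reference line for CVE-2024-39331 gains `DLA-3849-1` and `DLA-3848-1`, but the package lines under it still show only the unstable versions plus a `[bookworm]` line for org-mode, and this commit changes only data/CVE/list. Confirm that the advisory records for both DLAs name the release and the fixed versions for emacs and org-mode, because that mapping cannot be checked from this hunk.
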
@@ -21503,7 +21537,7 @@ CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authent
 CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows a remot ...)
 	- libreoffice <unfixed> (unimportant)
 	NOTE: Resource overload in desktop app, no security impact
-CVE-2024-29040
+CVE-2024-29040 (This repository hosts source code implementing the Trusted Computing G ...)
 	- tpm2-tss 4.1.0-1 (bug #1070140)
 	[bookworm] - tpm2-tss <no-dsa> (Minor issue)
 	[bullseye] - tpm2-tss <no-dsa> (Minor issue)
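
Review bot: The description added for CVE-2024-29040 is truncated inside the project blurb ("This repository hosts source code implementing the Trusted Computing G ..."), so the line says nothing about the flaw itself and the entry is only identifiable through its `- tpm2-tss 4.1.0-1 (bug #1070140)` line. Consider adding a `NOTE:` with a one-line summary or advisory link so that the `<no-dsa> (Minor issue)` decisions for bookworm and bullseye can be reviewed without leaving the file.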



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d7455610c65d238d7b9b2fafaeedd82be7c4cb
