[Git][security-tracker-team/security-tracker][master] automatic update

Thu May 2 09:12:03 BST 2024


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
865bd4ed by security tracker role at 2024-05-02T08:11:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2024-4142 (An Improper input validation vulnerability that could potentially lead ...)
+	TODO: check
+CVE-2024-3490 (The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-3481 (The Counter Box  WordPress plugin before 1.2.4 does not have CSRF chec ...)
+	TODO: check
+CVE-2024-3478 (The Herd Effects  WordPress plugin before 5.2.7 does not have CSRF che ...)
+	TODO: check
+CVE-2024-3477 (The Popup Box  WordPress plugin before 2.2.7 does not have CSRF checks ...)
+	TODO: check
+CVE-2024-3476 (The Side Menu Lite  WordPress plugin before 4.2.1 does not have CSRF c ...)
+	TODO: check
+CVE-2024-3475 (The Sticky Buttons  WordPress plugin before 3.2.4 does not have CSRF c ...)
+	TODO: check
+CVE-2024-3474 (The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF ...)
+	TODO: check
+CVE-2024-3472 (The Modal Window  WordPress plugin before 5.3.10 does not have CSRF ch ...)
+	TODO: check
+CVE-2024-3471 (The Button Generator  WordPress plugin before 3.0 does not have CSRF c ...)
+	TODO: check
+CVE-2024-3280 (The Follow Us Badges plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2024-32971 (Apollo Router is a configurable, graph router written in Rust to run a ...)
+	TODO: check
+CVE-2024-32962 (xml-crypto is an xml digital signature and encryption library for Node ...)
+	TODO: check
+CVE-2024-32882 (Wagtail is an open source content management system built on Django. I ...)
+	TODO: check
+CVE-2024-2405 (The Float menu  WordPress plugin before 6.0.1 does not have CSRF check ...)
+	TODO: check
+CVE-2023-51631 (D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow ...)
+	TODO: check
 CVE-2024-33835 (Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remo ...)
 	NOT-FOR-US: Tenda
 CVE-2024-33820 (Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V ...)
@@ -468,10 +500,12 @@ CVE-2022-48669 (In the Linux kernel, the following vulnerability has been resolv
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cda9c0d556283e2d4adaa9960b2dc19b16156bae (6.9-rc1)
 CVE-2024-4331 (Use after free in Picture In Picture in Google Chrome prior to 124.0.6 ...)
+	{DSA-5676-1}
 	- chromium 124.0.6367.118-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2024-4368 (Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowe ...)
+	{DSA-5676-1}
 	- chromium 124.0.6367.118-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -158237,7 +158271,8 @@ CVE-2022-27460
 	RESERVED
 CVE-2022-27459
 	RESERVED
-CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+CVE-2022-27458
+	REJECTED
 	{DLA-3114-1}
 	- mariadb-10.6 1:10.6.8-1
 	- mariadb-10.5 <removed>
@@ -205736,10 +205771,10 @@ CVE-2021-36596
 	RESERVED
 CVE-2021-36595
 	RESERVED
-CVE-2021-36594
-	RESERVED
-CVE-2021-36593
-	RESERVED
+CVE-2021-36594 (SSRF in Oxwall 1.8.7 (11111) allows an attacker to execute arbitrary c ...)
+	TODO: check
+CVE-2021-36593 (Oxwall 1.8.7 (11111) is vulnerable to Incorrect Access Control. Unauth ...)
+	TODO: check
 CVE-2021-36592
 	RESERVED
 CVE-2021-36591



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865bd4ed64ada8c2bc0d2643d129b57fea269fea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865bd4ed64ada8c2bc0d2643d129b57fea269fea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240502/84916a19/attachment.htm>
