[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 4 09:12:14 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c666d802 by security tracker role at 2024-05-04T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injec ...)
+	TODO: check
+CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snip ...)
+	TODO: check
+CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is a ...)
+	TODO: check
+CVE-2024-1050 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms plugin  ...)
+	TODO: check
 CVE-2024-4466 (SQL injection vulnerability in Gescen on the centrosdigitales.net plat ...)
 	NOT-FOR-US: Gescen
 CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync versions prior ...)
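Review bot: All seven entries added at the top of this hunk are left at TODO: check, and four of them (CVE-2024-3868, CVE-2024-3240, CVE-2024-3237, CVE-2024-1050) are described as plugins for WordPress, a class this file already triages as "NOT-FOR-US: WordPress plugin" (see CVE-2023-36505 and CVE-2023-6494 further down in this diff). Those four can be triaged the same way in a follow-up commit. The description of CVE-2023-7065 is truncated before it names a platform, so it needs its full text read first, and the two Zenario entries (CVE-2024-34461, CVE-2024-34460) need a check for whether Zenario is packaged before they get a NOT-FOR-US or a package line.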
@@ -5885,7 +5899,7 @@ CVE-2023-39367 (An OS command injection vulnerability exists in the web interfac
 CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive Ninja Forms  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and older may  ...)
-	{DSA-5673-1}
+	{DSA-5673-1 DLA-3807-1}
 	- glibc 2.37-18 (bug #1069191)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4
@@ -6908,7 +6922,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 a
 	- chromium 124.0.6367.60-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4439 [Stored XSS in Avatar block]
+CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...)
 	- wordpress 6.5.2+dfsg1-1 (bug #1069091)
 	NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
 	NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
@@ -7620,6 +7634,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block plugin for WordPress is vul
 CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-32487 (less through 653 allows OS command execution via a newline character i ...)
+	{DSA-5679-1}
 	- less 590-2.1 (bug #1068938)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
 	NOTE: Fixed by: https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
@@ -23825,6 +23840,7 @@ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an email link because Login
 CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy Server and F ...)
 	NOT-FOR-US: 12d Synergy Server
 CVE-2022-48624 (close_altfile in filename.c in less before 606 omits shell_quote calls ...)
+	{DSA-5679-1}
 	- less 590-2.1 (bug #1064293)
 	[buster] - less <no-dsa> (Minor issue)
 	NOTE: https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 (v606)
@@ -251772,7 +251788,8 @@ CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank
 	NOT-FOR-US: Docker Docs Docker image
 CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...)
 	NOT-FOR-US: Blackfire Docker image
-CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...)
+CVE-2020-35465
+	REJECTED
 	NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
 CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...)
 	NOT-FOR-US: Weave Cloud Agent Docker image
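Review bot: After this hunk CVE-2020-35465 carries both the new REJECTED line and the pre-existing "NOT-FOR-US: FullArmor HAPI File Share Mount Docker image" line, with its description dropped. Confirm that keeping the NOT-FOR-US triage under a rejected id is intended, since the product name now survives only in that line. The neighbouring entries CVE-2020-35467, CVE-2020-35466 and CVE-2020-35464 share the same "blank password" Docker image wording and are unchanged here, so it is worth checking whether any of them were rejected upstream as well.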
@@ -265165,7 +265182,7 @@ CVE-2020-26734
 	RESERVED
 CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF H ...)
 	NOT-FOR-US: SKYWORTH GN542VF Hardware
-CVE-2020-26732 (SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for  ...)
+CVE-2020-26732 (SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 do ...)
 	NOT-FOR-US: Skyworth GN542VF Boa
 CVE-2020-26731
 	RESERVED
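Review bot: The triage line under CVE-2020-26732 still reads "NOT-FOR-US: Skyworth GN542VF Boa", but the updated description no longer mentions Boa and now names "SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16". Consider aligning the label with the one used for the adjacent CVE-2020-26733 ("NOT-FOR-US: SKYWORTH GN542VF Hardware") so that both entries for the same device group together when searching the list.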



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c666d8020ff9b386d73c8b980472b116c55c6b8e
