[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 23 09:12:09 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,106 @@
-CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()]
+CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live Streaming A ...)
+ TODO: check
+CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based School ...)
+ TODO: check
+CVE-2024-5238 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2024-5237 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes Complete ...)
+ TODO: check
+CVE-2024-5235 (A vulnerability classified as critical has been found in Campcodes Com ...)
+ TODO: check
+CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based School Manag ...)
+ TODO: check
+CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and ...)
+ TODO: check
+CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious bin ...)
+ TODO: check
+CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table C ...)
+ TODO: check
+CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for Wor ...)
+ TODO: check
+CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote Code E ...)
+ TODO: check
+CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2024-4399 (The does not validate a parameter before making a request to it, whic ...)
+ TODO: check
+CVE-2024-4388 (This does not validate a path generated with user input when download ...)
+ TODO: check
+CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to Directory T ...)
+ TODO: check
+CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and escape ...)
+ TODO: check
+CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise and esc ...)
+ TODO: check
+CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby a remot ...)
+ TODO: check
+CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsl ...)
+ TODO: check
+CVE-2024-3594 (The IDonate WordPress plugin through 1.9.0 does not sanitise and esca ...)
+ TODO: check
+CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugi ...)
+ TODO: check
+CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not sanitise a ...)
+ TODO: check
+CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management \u2013 ...)
+ TODO: check
+CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for Microsoft Wi ...)
+ TODO: check
+CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users to read b ...)
+ TODO: check
+CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users to steal ...)
+ TODO: check
+CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via NTLM relay ...)
+ TODO: check
+CVE-2024-29849 (Veeam Backup Enterprise Manager allows unauthenticated users to log in ...)
+ TODO: check
+CVE-2024-22026 (A local privilege escalation vulnerability in EPMM before 12.1.0.0 all ...)
+ TODO: check
+CVE-2024-1855 (The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pi ...)
+ TODO: check
+CVE-2023-6844 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2023-6325 (The RomethemeForm For Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before 12.1.0. ...)
+ TODO: check
+CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM versions bef ...)
+ TODO: check
+CVE-2024-36013 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)
-CVE-2024-36012 [Bluetooth: msft: fix slab-use-after-free in msft_do_close()]
+CVE-2024-36012 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9)
-CVE-2024-36011 [Bluetooth: HCI: Fix potential null-ptr-deref]
+CVE-2024-36011 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
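Review bot: CVE-2024-3708 is added with only "TODO: check" although its description names lighttpd prior to 1.4.51, so it should be triaged to a package line instead of staying in the generic queue with the 46 other new entries. Two of those, CVE-2024-4399 and CVE-2024-4388, have descriptions that begin "The does not validate" and "This does not validate" with the product name missing, so they cannot be classified from this text alone and need the full CVE record. Several descriptions also carry a literal \u2013 escape (for example CVE-2024-4895 and CVE-2024-3711); the escape should be decoded before it is written to the list.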
@@ -21,10 +115,10 @@ CVE-2023-6502
CVE-2023-7045
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2024-2874
+CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2024-4835
+CVE-2024-4835 (A XSS condition exists within GitLab in versions 15.11 before 16.10.6, ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
CVE-2024-5196 (A vulnerability classified as critical has been found in Arris VAP2500 ...)
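Review bot: CVE-2024-4835 now carries a description whose affected range starts at "15.11 before 16.10.6", but its entry and that of CVE-2024-2874 stay at "- gitlab <unfixed>" with only the release-notes NOTE. Record the fixed version or a per-release status once the packaged gitlab version has been checked against that range.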
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f3b5d6af0d4e99889cbb4bf20e811445bd050dc