Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c666d802 by security tracker role at 2024-05-04T08:11:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2024-3868 (The Folders Pro plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-3240 (The ConvertPlug plugin for WordPress is vulnerable to PHP 
Object Injec ...)
+       TODO: check
+CVE-2024-3237 (The ConvertPlug plugin for WordPress is vulnerable to 
unauthorized mod ...)
+       TODO: check
+CVE-2024-34461 (Zenario before 9.5.60437 uses Twig filters insecurely in the 
Twig Snip ...)
+       TODO: check
+CVE-2024-34460 (The Tree Explorer tool from Organizer in Zenario before 
9.5.60602 is a ...)
+       TODO: check
+CVE-2024-1050 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2023-7065 (The Stop Spammers Security | Block Spam Users, Comments, Forms 
plugin  ...)
+       TODO: check
 CVE-2024-4466 (SQL injection vulnerability in Gescen on the 
centrosdigitales.net plat ...)
        NOT-FOR-US: Gescen
 CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync 
versions prior ...)
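Review bot: All seven entries added at the top of data/CVE/list are left at "TODO: check", and four of them (CVE-2024-3868, CVE-2024-3240, CVE-2024-3237, CVE-2024-1050) are described as plugins for WordPress. This file already triages such entries as "NOT-FOR-US: WordPress plugin" (see CVE-2023-36505 in the next hunk), so those four can be resolved that way once confirmed. The two Zenario entries and CVE-2023-7065 need a look at the full description, which is truncated here.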
@@ -5885,7 +5899,7 @@ CVE-2023-39367 (An OS command injection vulnerability 
exists in the web interfac
 CVE-2023-36505 (Improper Input Validation vulnerability in Saturday Drive 
Ninja Forms  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-2961 (The iconv() function in the GNU C Library versions 2.39 and 
older may  ...)
-       {DSA-5673-1}
+       {DSA-5673-1 DLA-3807-1}
        - glibc 2.37-18 (bug #1069191)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/17/9
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/18/4
@@ -6908,7 +6922,7 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome 
prior to 124.0.6367.60 a
        - chromium 124.0.6367.60-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-4439 [Stored XSS in Avatar block]
+CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
user d ...)
        - wordpress 6.5.2+dfsg1-1 (bug #1069091)
        NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
        NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
@@ -7620,6 +7634,7 @@ CVE-2024-3662 (The WPZOOM Social Feed Widget & Block 
plugin for WordPress is vul
 CVE-2023-6494 (The WPC Smart Quick View for WooCommerce plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-32487 (less through 653 allows OS command execution via a newline 
character i ...)
+       {DSA-5679-1}
        - less 590-2.1 (bug #1068938)
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/12/5
        NOTE: Fixed by: 
https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
@@ -23825,6 +23840,7 @@ CVE-2024-26318 (Serenity before 6.8.0 allows XSS via an 
email link because Login
 CVE-2024-24722 (An unquoted service path vulnerability in the 12d Synergy 
Server and F ...)
        NOT-FOR-US: 12d Synergy Server
 CVE-2022-48624 (close_altfile in filename.c in less before 606 omits 
shell_quote calls ...)
+       {DSA-5679-1}
        - less 590-2.1 (bug #1064293)
        [buster] - less <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 
(v606)
@@ -251772,7 +251788,8 @@ CVE-2020-35467 (The Docker Docs Docker image through 
2020-12-14 contains a blank
        NOT-FOR-US: Docker Docs Docker image
 CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank 
passwor ...)
        NOT-FOR-US: Blackfire Docker image
-CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 
2020-12-14 co ...)
+CVE-2020-35465
+       REJECTED
        NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
 CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a 
blank p ...)
        NOT-FOR-US: Weave Cloud Agent Docker image
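Review bot: After this change CVE-2020-35465 carries both "REJECTED" and the older "NOT-FOR-US: FullArmor HAPI File Share Mount Docker image" line, which refers to a description that is no longer present in the entry. Consider dropping the NOT-FOR-US line in a follow-up, or confirm that keeping both annotations on a rejected ID is intended.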
@@ -265165,7 +265182,7 @@ CVE-2020-26734
        RESERVED
 CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH 
GN542VF H ...)
        NOT-FOR-US: SKYWORTH GN542VF Hardware
-CVE-2020-26732 (SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure 
flag for  ...)
+CVE-2020-26732 (SKYWORTH GN542VF Hardware Version 2.0 and Software Version 
2.0.0.16 do ...)
        NOT-FOR-US: Skyworth GN542VF Boa
 CVE-2020-26731
        RESERVED
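Review bot: The visible part of the updated CVE-2020-26732 description no longer names Boa, but the annotation below it still reads "NOT-FOR-US: Skyworth GN542VF Boa", while the neighbouring CVE-2020-26733 uses "NOT-FOR-US: SKYWORTH GN542VF Hardware". Consider aligning the annotation with the new description so the same device is labelled consistently.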



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c666d8020ff9b386d73c8b980472b116c55c6b8e
