Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2f3b5d6a by security tracker role at 2024-05-23T08:11:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,106 @@
-CVE-2024-36013 [Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()]
+CVE-2024-5241 (A vulnerability was found in Huashi Private Cloud CDN Live
Streaming A ...)
+ TODO: check
+CVE-2024-5240 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-5239 (A vulnerability has been found in Campcodes Complete Web-Based
School ...)
+ TODO: check
+CVE-2024-5238 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2024-5237 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2024-5236 (A vulnerability classified as critical was found in Campcodes
Complete ...)
+ TODO: check
+CVE-2024-5235 (A vulnerability classified as critical has been found in
Campcodes Com ...)
+ TODO: check
+CVE-2024-5234 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-5233 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-5232 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-5231 (A vulnerability was found in Campcodes Complete Web-Based
School Manag ...)
+ TODO: check
+CVE-2024-5230 (A vulnerability has been found in EnvaySoft FleetCart up to
4.1.1 and ...)
+ TODO: check
+CVE-2024-5177 (The Hash Elements plugin for WordPress is vulnerable to Stored
Cross-S ...)
+ TODO: check
+CVE-2024-4978 (Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a
malicious bin ...)
+ TODO: check
+CVE-2024-4895 (The wpDataTables \u2013 WordPress Data Table, Dynamic Tables &
Table C ...)
+ TODO: check
+CVE-2024-4783 (The jQuery T(-) Countdown Widget plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-4706 (The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin
for Wor ...)
+ TODO: check
+CVE-2024-4662 (The Oxygen Builder plugin for WordPress is vulnerable to Remote
Code E ...)
+ TODO: check
+CVE-2024-4486 (The Awesome Contact Form7 for Elementor plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2024-4431 (The LA-Studio Element Kit for Elementor plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2024-4399 (The does not validate a parameter before making a request to
it, whic ...)
+ TODO: check
+CVE-2024-4388 (This does not validate a path generated with user input when
download ...)
+ TODO: check
+CVE-2024-4347 (The WP Fastest Cache plugin for WordPress is vulnerable to
Directory T ...)
+ TODO: check
+CVE-2024-4043 (The WP Ultimate Post Grid plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-3920 (The Flattr WordPress plugin through 1.2.2 does not sanitise and
escape ...)
+ TODO: check
+CVE-2024-3918 (The Pet Manager WordPress plugin through 1.4 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-3917 (The Pet Manager WordPress plugin through 1.4 does not sanitise
and esc ...)
+ TODO: check
+CVE-2024-3711 (The Brizy \u2013 Page Builder plugin for WordPress is
vulnerable to un ...)
+ TODO: check
+CVE-2024-3708 (A condition exists in lighttpd version prior to 1.4.51 whereby
a remot ...)
+ TODO: check
+CVE-2024-3648 (The ShareThis Share Buttons plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-3626 (The Email Subscribers by Icegram Express \u2013 Email
Marketing, Newsl ...)
+ TODO: check
+CVE-2024-3594 (The IDonate WordPress plugin through 1.9.0 does not sanitise
and esca ...)
+ TODO: check
+CVE-2024-3201 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-3065 (The PayPal Pay Now, Buy Now, Donation and Cart Buttons
Shortcode plugi ...)
+ TODO: check
+CVE-2024-2220 (The Button contact VR WordPress plugin through 4.7 does not
sanitise a ...)
+ TODO: check
+CVE-2024-2038 (The Visual Website Collaboration, Feedback & Project Management
\u2013 ...)
+ TODO: check
+CVE-2024-29853 (An authentication bypass vulnerability in Veeam Agent for
Microsoft Wi ...)
+ TODO: check
+CVE-2024-29852 (Veeam Backup Enterprise Manager allows high-privileged users
to read b ...)
+ TODO: check
+CVE-2024-29851 (Veeam Backup Enterprise Manager allows high-privileged users
to steal ...)
+ TODO: check
+CVE-2024-29850 (Veeam Backup Enterprise Manager allows account takeover via
NTLM relay ...)
+ TODO: check
+CVE-2024-29849 (Veeam Backup Enterprise Manager allows unauthenticated users
to log in ...)
+ TODO: check
+CVE-2024-22026 (A local privilege escalation vulnerability in EPMM before
12.1.0.0 all ...)
+ TODO: check
+CVE-2024-1855 (The WPCafe \u2013 Restaurant Menu, Online Ordering for
WooCommerce, Pi ...)
+ TODO: check
+CVE-2023-6844 (The iframe plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2023-6325 (The RomethemeForm For Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2023-46807 (An SQL Injection vulnerability in web component of EPMM before
12.1.0. ...)
+ TODO: check
+CVE-2023-46806 (An SQL Injection vulnerability in a web component of EPMM
versions bef ...)
+ TODO: check
+CVE-2024-36013 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)
-CVE-2024-36012 [Bluetooth: msft: fix slab-use-after-free in msft_do_close()]
+CVE-2024-36012 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux <unfixed>
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9)
-CVE-2024-36011 [Bluetooth: HCI: Fix potential null-ptr-deref]
+CVE-2024-36011 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -21,10 +115,10 @@ CVE-2023-6502
CVE-2023-7045
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2024-2874
+CVE-2024-2874 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
-CVE-2024-4835
+CVE-2024-4835 (A XSS condition exists within GitLab in versions 15.11 before
16.10.6, ...)
- gitlab <unfixed>
NOTE:
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
CVE-2024-5196 (A vulnerability classified as critical has been found in Arris
VAP2500 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f3b5d6af0d4e99889cbb4bf20e811445bd050dc
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f3b5d6af0d4e99889cbb4bf20e811445bd050dc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
