Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
702c090a by security tracker role at 2024-06-12T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,74 +1,134 @@
+CVE-2024-5892 (The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin 
for Word ...)
+       TODO: check
+CVE-2024-5873
+       REJECTED
+CVE-2024-5783
+       REJECTED
+CVE-2024-5782
+       REJECTED
+CVE-2024-5781
+       REJECTED
+CVE-2024-5780
+       REJECTED
+CVE-2024-5779
+       REJECTED
+CVE-2024-5778
+       REJECTED
+CVE-2024-5777
+       REJECTED
+CVE-2024-5776
+       REJECTED
+CVE-2024-5739 (The in-app browser of LINE iOS versions below 14.9.0 contains a 
Univer ...)
+       TODO: check
+CVE-2024-5646 (The Futurio Extra plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-5553 (The Premium Addons for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5543 (The Slideshow Gallery LITE plugin for WordPress is vulnerable 
to time- ...)
+       TODO: check
+CVE-2024-4924 (The Social Sharing Plugin  WordPress plugin before 3.3.63 does 
not san ...)
+       TODO: check
+CVE-2024-4892 (The BuddyPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-4669 (The Events Addon for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-4564 (The CoDesigner WooCommerce Builder for Elementor \u2013 
Customize Chec ...)
+       TODO: check
+CVE-2024-4315 (parisneo/lollms version 9.5 is vulnerable to Local File 
Inclusion (LFI ...)
+       TODO: check
+CVE-2024-3925 (The Element Pack Elementor Addons (Header Footer, Template 
Library, Dy ...)
+       TODO: check
+CVE-2024-3559 (The Custom Field Suite plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-36856 (RMQTT Broker 0.4.0 allows remote attackers to cause a Denial 
of Servic ...)
+       TODO: check
+CVE-2024-36454 (Use of uninitialized resource issue exists in IPCOM EX2 Series 
(V01L0x ...)
+       TODO: check
+CVE-2024-36103 (OS command injection vulnerability in WRC-X5400GS-B v1.0.10 
and earlie ...)
+       TODO: check
+CVE-2024-35225 (Jupyter Server Proxy allows users to run arbitrary external 
processes  ...)
+       TODO: check
+CVE-2024-33606 (An attacker could retrieve sensitive files (medical images) as 
well as ...)
+       TODO: check
+CVE-2024-28970 (Dell Client BIOS contains an Out-of-bounds Write 
vulnerability. A loca ...)
+       TODO: check
+CVE-2024-28877 (MicroDicom DICOM Viewer is vulnerable to a stack-based buffer 
overflow ...)
+       TODO: check
+CVE-2024-0427 (The ARForms - Premium WordPress Form Builder Plugin WordPress 
plugin b ...)
+       TODO: check
+CVE-2024-0160 (Dell Client Platform contains an incorrect authorization 
vulnerability ...)
+       TODO: check
 CVE-2024-25131
        NOT-FOR-US: MustGather.managed.openshift.io Custom Defined Resource 
(CRD)
-CVE-2024-5847
+CVE-2024-5847 (Use after free in PDFium in Google Chrome prior to 
126.0.6478.54 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5846
+CVE-2024-5846 (Use after free in PDFium in Google Chrome prior to 
126.0.6478.54 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5845
+CVE-2024-5845 (Use after free in Audio in Google Chrome prior to 126.0.6478.54 
allowe ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5844
+CVE-2024-5844 (Heap buffer overflow in Tab Strip in Google Chrome prior to 
126.0.6478 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5843
+CVE-2024-5843 (Inappropriate implementation in Downloads in Google Chrome 
prior to 12 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5842
+CVE-2024-5842 (Use after free in Browser UI in Google Chrome prior to 
126.0.6478.54 a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5841
+CVE-2024-5841 (Use after free in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5840
+CVE-2024-5840 (Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 
allowed  ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5839
+CVE-2024-5839 (Inappropriate Implementation in Memory Allocator in Google 
Chrome prio ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5838
+CVE-2024-5838 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5837
+CVE-2024-5837 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5836
+CVE-2024-5836 (Inappropriate Implementation in DevTools in Google Chrome prior 
to 126 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5835
+CVE-2024-5835 (Heap buffer overflow in Tab Groups in Google Chrome prior to 
126.0.647 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5834
+CVE-2024-5834 (Inappropriate implementation in Dawn in Google Chrome prior to 
126.0.6 ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5833
+CVE-2024-5833 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5832
+CVE-2024-5832 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5831
+CVE-2024-5831 (Use after free in Dawn in Google Chrome prior to 126.0.6478.54 
allowed ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-5830
+CVE-2024-5830 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 
allowed a ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
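Review bot: the added descriptions for CVE-2024-5892 and CVE-2024-4564 carry a literal "\u2013" where a dash character was meant, so the automatic update is writing the escape sequence undecoded into data/CVE/list. Decode the description before it is truncated and written, so the list holds the character itself (or a plain hyphen). Separately, the chromium entries CVE-2024-5830 through CVE-2024-5847 now say "prior to 126.0.6478.54" while their status lines stay at "- chromium <unfixed>"; that upstream version is the reference to check against when the fixed upload is recorded.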
@@ -639,7 +699,7 @@ CVE-2024-5203
 CVE-2024-3183
        - freeipa <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270685
-CVE-2024-2698
+CVE-2024-2698 (A vulnerability was found in FreeIPA in how the initial 
implementation ...)
        - freeipa <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2270353
 CVE-2024-5786 (Cross-Site Request Forgery vulnerability in Comtrend router 
WLD71-T1_v ...)
@@ -24203,7 +24263,7 @@ CVE-2024-27705 (Cross Site Scripting vulnerability in 
Leantime v3.0.6 allows att
        NOT-FOR-US: Leantime
 CVE-2024-26258 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
        NOT-FOR-US: WRC-X3200GST3-B
-CVE-2024-25568 (OS command injection vulnerability in WRC-X3200GST3-B v1.25 
and earlie ...)
+CVE-2024-25568 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
        NOT-FOR-US: WRC-X3200GST3-B
 CVE-2024-25503 (Cross Site Scripting (XSS) vulnerability in Advanced REST 
Client v.17. ...)
        NOT-FOR-US: Advanced REST Client
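Review bot: the NOT-FOR-US line under CVE-2024-25568 still names only WRC-X3200GST3-B, although the updated description now reads "ELECOM wireless LAN routers" rather than that single model. The tag no longer matches the stated scope; consider "NOT-FOR-US: ELECOM wireless LAN routers" or similar. The unchanged CVE-2024-26258 entry just above keeps the model-specific description, so its tag is still consistent.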



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/702c090a5e17b9b87ed1ee8bb55cf701eb95032d
