Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd611beb by security tracker role at 2024-06-15T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2024-6003 (A vulnerability was found in Guangdong Baolun Electronics IP 
Network B ...)
+       TODO: check
+CVE-2024-6000 (The FooEvents for WooCommerce plugin for WordPress is 
vulnerable to un ...)
+       TODO: check
+CVE-2024-5871 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to P ...)
+       TODO: check
+CVE-2024-5868 (The WooCommerce - Social Login plugin for WordPress is 
vulnerable to E ...)
+       TODO: check
+CVE-2024-5263 (The ElementsKit Pro plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-4479 (The Jeg Elementor Kit plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-3815 (The Newspaper theme for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-3814 (The tagDiv Composer plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-3813 (The tagDiv Composer plugin for WordPress is vulnerable to Local 
File I ...)
+       TODO: check
+CVE-2024-30120 (HCL DRYiCE Optibot Reset Station is impacted by an Unused 
Parameter in ...)
+       TODO: check
+CVE-2024-30119 (HCL DRYiCE Optibot Reset Stationis impacted by a missing 
Strict Transp ...)
+       TODO: check
+CVE-2024-2875
+       REJECTED
+CVE-2024-2544 (The Popup Builder plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2024-21988 (StorageGRID (formerly StorageGRID Webscale) versions prior to  
11.7.0. ...)
+       TODO: check
+CVE-2024-1399 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table 
Reservati ...)
+       TODO: check
+CVE-2023-6696 (The Popup Builder \u2013 Create highly converting, mobile 
friendly mar ...)
+       TODO: check
 CVE-2024-5996 (The notification emails sent by Soar Cloud HR Portal contain a 
link wi ...)
        NOT-FOR-US: Soar Cloud HR Portal
 CVE-2024-5934
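Review bot: The added descriptions for CVE-2024-1399 and CVE-2023-6696 contain the literal text `\u2013` where the product name has an en dash (U+2013); the escape should be decoded before the description is written to the list, otherwise a search for the product name as the vendor spells it will not match. Separately, every new entry except the REJECTED CVE-2024-2875 is still `TODO: check`; the WordPress plugin and theme entries look like candidates for the `NOT-FOR-US: WordPress plugin` tag already used on CVE-2024-35636 later in this diff, pending triage.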
@@ -3853,6 +3885,7 @@ CVE-2024-3200 (The wpForo Forum plugin for WordPress is 
vulnerable to SQL Inject
 CVE-2024-35636 (Cross-Site Request Forgery (CSRF) vulnerability in Uploadcare 
Uploadca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-36041 [ksmserver: Unauthorized users can access session manager]
+       {DLA-3827-1}
        - plasma-workspace 4:5.27.11.1-1
        NOTE: https://kde.org/info/security/advisory-20240531-1.txt
        NOTE: Fixed by: 
https://invent.kde.org/plasma/plasma-workspace/-/commit/da843d3fdb143ed44094c8e6246cfb8305f6f09f
@@ -37670,7 +37703,7 @@ CVE-2024-23136 (A maliciously crafted STP file in 
ASMKERN228A.dll when parsed th
        NOT-FOR-US: Autodesk
 CVE-2024-23135 (A maliciously crafted SLDPRT file in ASMkern228A.dll when 
parsed throu ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23134 (A maliciously crafted IGS file in tbb.dll when parsed through 
Autodesk ...)
+CVE-2024-23134 (A maliciously crafted IGS or IGES file in tbb.dll when parsed 
through  ...)
        NOT-FOR-US: Autodesk
 CVE-2024-23133 (A maliciously crafted STP file in ASMDATAX228A.dll when parsed 
through ...)
        NOT-FOR-US: Autodesk
@@ -37696,9 +37729,9 @@ CVE-2024-23123 (A maliciously crafted CATPART file in 
CC5Dll.dll or ASMBASE228A.
        NOT-FOR-US: Autodesk
 CVE-2024-23122 (A maliciously crafted 3DM file in opennurbs.dll when parsed 
through Au ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23121 (A maliciously crafted MODEL file in libodxdll.dll when parsed 
through  ...)
+CVE-2024-23121 (A maliciously crafted MODEL file when parsed in libodxdll.dll 
through  ...)
        NOT-FOR-US: Autodesk
-CVE-2024-23120 (A maliciously crafted STP file in ASMIMPORT228A.dll when 
parsed throug ...)
+CVE-2024-23120 (A maliciously crafted STP and STEP file when parsed in 
ASMIMPORT228A.d ...)
        NOT-FOR-US: Autodesk
 CVE-2024-1053 (The Event Tickets and Registration plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
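Review bot: The new CVE-2024-23120 description is cut off at `ASMIMPORT228A.d ...`, so the DLL name that was complete in the removed line no longer appears whole; a search of this file for `ASMIMPORT228A.dll` will now miss the entry. Because the description is a truncated copy, match on the CVE id or the `NOT-FOR-US: Autodesk` line instead of the component name. The triage result itself is unchanged for both reworded entries in this hunk.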
@@ -43420,7 +43453,7 @@ CVE-2023-7227 (SystemK NVR 504/508/516 versions 
2.3.5SK.30084998 and prior are v
 CVE-2023-6282 (IceHrm 23.0.0.OS does not sufficiently encode user-controlled 
input, w ...)
        NOT-FOR-US: IceHrm
 CVE-2023-52076 (Atril Document Viewer is the default document reader of the 
MATE deskt ...)
-       {DSA-5688-1}
+       {DSA-5688-1 DLA-3828-1}
        - atril 1.26.2-1 (bug #1061522)
        NOTE: 
https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
        NOTE: 
https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
@@ -49388,6 +49421,7 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP 
smuggling in certain PIPELINING/C
        NOTE: 
https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
        NOTE: 
https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
 CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain 
configuration ...)
+       {DLA-3829-1}
        - sendmail 8.18.1-1 (bug #1059386)
        [bookworm] - sendmail <no-dsa> (Minor issue)
        [bullseye] - sendmail <no-dsa> (Minor issue)
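Review bot: On the CVE-2023-51765 entry, the added `{DLA-3829-1}` sits above `[bookworm]` and `[bullseye]` lines that both still read `<no-dsa> (Minor issue)`, and no line visible in this hunk names the suite the DLA applies to. Readers should take the affected suite and fixed version from the advisory itself and not infer them from these lines; the `<no-dsa>` status for bookworm and bullseye is not changed by this commit.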



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd611beb22267f29e5502b4dd49720f92a0732f9
