[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 20 Jun 2024 01:12:47 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1ae81d36 by security tracker role at 2024-06-20T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,74 @@
-CVE-2024-38619 [usb-storage: alauda: Check whether the media is initialized]
+CVE-2024-6179 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-6178 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-6177 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2024-6176 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2024-6113 (A vulnerability was found in itsourcecode Monbela Tourist Inn 
Online R ...)
+       TODO: check
+CVE-2024-5686 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for 
WordPr ...)
+       TODO: check
+CVE-2024-5605 (The Media Library Assistant plugin for WordPress is vulnerable 
to time ...)
+       TODO: check
+CVE-2024-5522 (The HTML5 Video Player  WordPress plugin before 2.5.27 does not 
saniti ...)
+       TODO: check
+CVE-2024-5475 (The Responsive video embed WordPress plugin before 0.5.1 does 
not vali ...)
+       TODO: check
+CVE-2024-5432 (The Lifeline Donation plugin for WordPress is vulnerable to 
authentica ...)
+       TODO: check
+CVE-2024-5213 (In mintplex-labs/anything-llm versions up to and including 
1.5.3, an i ...)
+       TODO: check
+CVE-2024-5182 (A path traversal vulnerability exists in mudler/localai version 
2.14.0 ...)
+       TODO: check
+CVE-2024-4742 (The Youzify \u2013 BuddyPress Community, User Profile, Social 
Network  ...)
+       TODO: check
+CVE-2024-4626 (The JetWidgets For Elementor plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-4565 (The Advanced Custom Fields (ACF) WordPress plugin before 6.3, 
Advanced ...)
+       TODO: check
+CVE-2024-4390 (The Slider and Carousel slider by Depicter plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2024-4098 (The Shariff Wrapper plugin for WordPress is vulnerable to Local 
File I ...)
+       TODO: check
+CVE-2024-3627 (The Wheel of Life: Coaching and Assessment Tool for Life Coach 
plugin  ...)
+       TODO: check
+CVE-2024-3605 (The WP Hotel Booking plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2024-3602 (The Pop ups, Exit intent popups, email popups, banners, bars, 
countdow ...)
+       TODO: check
+CVE-2024-3597 (The Export WP Page to Static HTML/CSS plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-3562 (The Custom Field Suite plugin for WordPress is vulnerable to 
PHP Code  ...)
+       TODO: check
+CVE-2024-3561 (The Custom Field Suite plugin for WordPress is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2024-3558 (The Custom Field Suite plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-38620 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
+       TODO: check
+CVE-2024-36684 (In the module "Custom links" (pk_customlinks) <= 2.3 from 
Promokit.eu  ...)
+       TODO: check
+CVE-2024-36680 (In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu 
for Pre ...)
+       TODO: check
+CVE-2024-36679 (In the module "Module Live Chat Pro (All in One Messaging)" 
(livechatp ...)
+       TODO: check
+CVE-2024-36678 (In the module "Theme settings" (pk_themesettings) <= 1.8.8 
from Promok ...)
+       TODO: check
+CVE-2024-36677 (In the module "Login as customer PRO" (loginascustomerpro) 
<1.2.7 from ...)
+       TODO: check
+CVE-2024-34994 (In the module "Channable" (channable) up to version 3.2.1 from 
Channab ...)
+       TODO: check
+CVE-2024-34990 (In the module "Help Desk - Customer Support Management System" 
(helpde ...)
+       TODO: check
+CVE-2024-33836 (In the module "JA Marketplace" (jamarketplace) up to version 
9.0.1 fro ...)
+       TODO: check
+CVE-2024-1168 (The SEOPress \u2013 On-site SEO plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-3204 (The Materialis theme for WordPress is vulnerable to limited 
arbitrary  ...)
+       TODO: check
+CVE-2024-38619 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/16637fea001ab3c8df528a8995b3211906165a30 (6.10-rc4)
 CVE-2024-XXXX [RUSTSEC-2024-0344]
@@ -817,22 +887,22 @@ CVE-2024-21685 (This High severity Information Disclosure 
vulnerability was intr
        NOT-FOR-US: Atlassian
 CVE-2023-47726 (IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM 
Cloud Pa ...)
        NOT-FOR-US: IBM
-CVE-2024-6103
+CVE-2024-6103 (Use after free in Dawn in Google Chrome prior to 126.0.6478.114 
allowe ...)
        {DSA-5716-1}
        - chromium 126.0.6478.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6102
+CVE-2024-6102 (Out of bounds memory access in Dawn in Google Chrome prior to 
126.0.64 ...)
        {DSA-5716-1}
        - chromium 126.0.6478.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6101
+CVE-2024-6101 (Inappropriate implementation in V8 in Google Chrome prior to 
126.0.647 ...)
        {DSA-5716-1}
        - chromium 126.0.6478.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-6100
+CVE-2024-6100 (Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 
allowed  ...)
        {DSA-5716-1}
        - chromium 126.0.6478.114-1
        [bullseye] - chromium <end-of-life> (see #1061268)
@@ -102631,8 +102701,8 @@ CVE-2023-25648 (There is a weak folder permission 
vulnerability in ZTE's ZXCLOUD
        NOT-FOR-US: ZTE
 CVE-2023-25647 (There is a permission and access control vulnerability in some 
ZTE mob ...)
        NOT-FOR-US: ZTE
-CVE-2023-25646
-       RESERVED
+CVE-2023-25646 (There is an unauthorized access vulnerability in ZTE H388X. If 
H388X i ...)
+       TODO: check
 CVE-2023-25645 (There is a permission and access control vulnerability in some 
ZTE And ...)
        NOT-FOR-US: ZTE
 CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile 
internet  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ae81d36eaef7dd0837f232a47599d28bf4a4a0e

-- 
This project does not include diff previews in email notifications.
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ae81d36eaef7dd0837f232a47599d28bf4a4a0e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to