Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a9218f0 by security tracker role at 2024-06-28T08:11:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2024-6296 (The Stackable \u2013 Page Builder Gutenberg Blocks plugin for
WordPres ...)
+ TODO: check
+CVE-2024-6288 (The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel &
more Via ...)
+ TODO: check
+CVE-2024-6071 (PTC Creo Elements/Direct License Server exposes a web interface
which ...)
+ TODO: check
+CVE-2024-5864 (The Easy Affiliate Links plugin for WordPress is vulnerable to
unautho ...)
+ TODO: check
+CVE-2024-5863 (The Easy Image Collage plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-5796 (The Infinite theme for WordPress is vulnerable to Stored
Cross-Site Sc ...)
+ TODO: check
+CVE-2024-5788 (The Silesia theme for WordPress is vulnerable to Stored
Cross-Site Scr ...)
+ TODO: check
+CVE-2024-5730 (The Pagerank tools WordPress plugin through 1.1.5 does not
sanitise an ...)
+ TODO: check
+CVE-2024-5729 (The Simple AL Slider WordPress plugin through 1.2.10 does not
sanitise ...)
+ TODO: check
+CVE-2024-5728 (The Animated AL List WordPress plugin through 1.0.6 does not
sanitise ...)
+ TODO: check
+CVE-2024-5727 (The Widget4Call WordPress plugin through 1.0.7 does not
sanitise and e ...)
+ TODO: check
+CVE-2024-5642 (CPython 3.9 and earlier doesn't disallow configuring an empty
list ("[ ...)
+ TODO: check
+CVE-2024-5570 (The Simple Photoswipe WordPress plugin through 0.1 does not
have autho ...)
+ TODO: check
+CVE-2024-4395 (The XPC service within the audit functionality of Jamf
Compliance Edit ...)
+ TODO: check
+CVE-2024-39708 (An issue was discovered in the Agent in Delinea Privilege
Manager (for ...)
+ TODO: check
+CVE-2024-39705 (NLTK through 3.8.1 allows remote code execution if untrusted
packages ...)
+ TODO: check
+CVE-2024-39352 (A vulnerability regarding incorrect authorization is found in
the firm ...)
+ TODO: check
+CVE-2024-39351 (A vulnerability regarding improper neutralization of special
elements ...)
+ TODO: check
+CVE-2024-39350 (A vulnerability regarding authentication bypass by spoofing is
found i ...)
+ TODO: check
+CVE-2024-39349 (A vulnerability regarding buffer copy without checking size of
input ( ...)
+ TODO: check
+CVE-2024-39348 (Download of code without integrity check vulnerability in
AirPrint fun ...)
+ TODO: check
+CVE-2024-39347 (Incorrect default permissions vulnerability in firewall
functionality ...)
+ TODO: check
+CVE-2024-39209 (luci-app-sms-tool v1.9-6 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2024-39134 (A Stack Buffer Overflow vulnerability in zziplibv 0.13.77
allows attac ...)
+ TODO: check
+CVE-2024-39132 (A NULL Pointer Dereference vulnerability in DumpTS
v0.1.0-nightly allo ...)
+ TODO: check
+CVE-2024-37282 (It was identified that under certain specific preconditions,
an API ke ...)
+ TODO: check
+CVE-2024-37137 (Dell Key Trust Platform, v3.0.6 and prior, contains Use of a
Cryptogra ...)
+ TODO: check
+CVE-2024-36755 (D-Link DIR-1950 up to v1.11B03 does not validate SSL
certificates when ...)
+ TODO: check
+CVE-2024-36075 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
+ TODO: check
+CVE-2024-36074 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
+ TODO: check
+CVE-2024-36073 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
+ TODO: check
+CVE-2024-36072 (Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys
Unify thr ...)
+ TODO: check
+CVE-2024-36059 (Directory Traversal vulnerability in Kalkitech ASE ASE61850
IEDSmart u ...)
+ TODO: check
+CVE-2024-30135 (HCL DRYiCE AEX is potentially impacted by disclosure of
sensitive info ...)
+ TODO: check
+CVE-2024-30111 (HCL DRYiCE AEX product is impacted by Missing Root Detection
vulnerabi ...)
+ TODO: check
+CVE-2024-30110 (HCL DRYiCE AEX product is impacted by lack of input validation
vulnera ...)
+ TODO: check
+CVE-2024-30109 (HCL DRYiCE AEX is impacted by a lack of clickjacking
protection in the ...)
+ TODO: check
+CVE-2024-2973 (An Authentication Bypass Using an Alternate Path or Channel
vulnerabil ...)
+ TODO: check
+CVE-2024-2795 (The SEO SIMPLE PACK plugin for WordPress is vulnerable to
Information ...)
+ TODO: check
+CVE-2024-22276 (VMware Cloud Director Object Storage Extension contains an
Insertion o ...)
+ TODO: check
+CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege
Management vulner ...)
+ TODO: check
+CVE-2024-22260 (VMware Workspace One UEM update addresses an information
exposure vuln ...)
+ TODO: check
+CVE-2023-52892 (In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before
3.0.33, ...)
+ TODO: check
+CVE-2023-47803 (A vulnerability regarding improper limitation of a pathname to
a restr ...)
+ TODO: check
+CVE-2023-47802 (A vulnerability regarding improper neutralization of special
elements ...)
+ TODO: check
+CVE-2016-20022 (In the Linux kernel before 4.8, usb_parse_endpoint in
drivers/usb/core ...)
+ TODO: check
CVE-2024-6388 (Marco Trevisan discovered that the Ubuntu Advantage Desktop
Daemon, be ...)
NOT-FOR-US: ubuntu-advantage-desktop-daemon
CVE-2024-6374 (A vulnerability was found in lahirudanushka School Management
System 1 ...)
@@ -6052,7 +6144,7 @@ CVE-2023-37539 (The Domino Catalog template is
susceptible to a Stored Cross-Sit
NOT-FOR-US: HCL
CVE-2023-32475 (Dell BIOS contains a missing support for integrity check
vulnerability ...)
NOT-FOR-US: Dell
-CVE-2022-4968 (netplan leaks the private key of wireguard to local users. A
security ...)
+CVE-2022-4968 (netplan leaks the private key of wireguard to local users.
Versions af ...)
- netplan.io <unfixed> (bug #1072789)
[bookworm] - netplan.io <no-dsa> (Minor issue)
[bullseye] - netplan.io <no-dsa> (Minor issue)
@@ -28195,6 +28287,7 @@ CVE-2021-47208 (The Mojolicious module before 9.11 for
Perl has a bug in format
NOTE: https://github.com/mojolicious/mojo/issues/1736
NOTE:
https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c
(v9.11)
CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to
secure_co ...)
+ {DLA-3846-1}
- libmojolicious-perl 8.65+dfsg-1
NOTE: https://github.com/mojolicious/mojo/pull/1601 (v8.65)
NOTE: https://github.com/mojolicious/mojo/issues/1599
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9218f0cce6a609380688ef0dcd0e9233eba1cd
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a9218f0cce6a609380688ef0dcd0e9233eba1cd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
