Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9d74556 by security tracker role at 2024-06-29T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2024-6405 (The Floating Social Buttons plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2024-6363 (The Stock Ticker plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-6265 (The UsersWP \u2013 Front-end login form, User Registration, 
User Profi ...)
+       TODO: check
+CVE-2024-5942 (The Page and Post Clone plugin for WordPress is vulnerable to 
Insecure ...)
+       TODO: check
+CVE-2024-5889 (The Events Manager \u2013 Calendar, Bookings, Tickets, and 
more! plugi ...)
+       TODO: check
+CVE-2024-5790 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2024-5666 (The Extensions for Elementor plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2024-5598 (The Advanced File Manager plugin for WordPress is vulnerable to 
Sensit ...)
+       TODO: check
+CVE-2024-5192 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize 
WooComm ...)
+       TODO: check
+CVE-2024-39828 (R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in 
a modifi ...)
+       TODO: check
+CVE-2024-39307 (Kavita is a cross platform reading server. Opening an ebook 
with malic ...)
+       TODO: check
+CVE-2024-39302 (BigBlueButton is an open-source virtual classroom designed to 
help tea ...)
+       TODO: check
+CVE-2024-38533 (ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs 
to scal ...)
+       TODO: check
+CVE-2024-38532 (The NXP Data Co-Processor (DCP) is a built-in hardware module 
for spec ...)
+       TODO: check
+CVE-2024-38525 (dd-trace-cpp is the Datadog distributed tracing for C++. When 
the libr ...)
+       TODO: check
+CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to 
help tea ...)
+       TODO: check
+CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 
mishandle ...)
+       TODO: check
 CVE-2024-6403 (A vulnerability, which was classified as critical, has been 
found in T ...)
        NOT-FOR-US: Tenda
 CVE-2024-6402 (A vulnerability classified as critical was found in Tenda A301 
15.13.0 ...)
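Review bot: All 17 added entries carry only "TODO: check", so none of them has a triage result yet. The entries whose descriptions read "plugin for WordPress" (for example CVE-2024-6405, CVE-2024-6363 and CVE-2024-5942) look like candidates for a NOT-FOR-US line in the style of the "NOT-FOR-US: Tenda" context line. CVE-2024-38525 (dd-trace-cpp), CVE-2019-25211 (Gin-Gonic CORS middleware) and the two BigBlueButton entries should be checked for a matching source package before they are tagged. The descriptions of CVE-2024-6265, CVE-2024-5889 and CVE-2024-5192 also contain a literal \u2013 escape where a dash was meant.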
@@ -313,7 +347,7 @@ CVE-2024-38523 (Hush Line is a free and open-source, 
anonymous-tip-line-as-a-ser
        NOT-FOR-US: Hush Line
 CVE-2024-38515
        REJECTED
-CVE-2024-35260 (Microsoft Dataverse Remote Code Execution Vulnerability)
+CVE-2024-35260 (An authenticated attacker can exploit an Untrusted Search Path 
vulnera ...)
        NOT-FOR-US: Microsoft
 CVE-2024-35153 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
cross-si ...)
        NOT-FOR-US: IBM
@@ -358,10 +392,10 @@ CVE-2023-38370 (IBM Security Access Manager Docker 
10.0.0.0 through 10.0.7.1, un
        NOT-FOR-US: IBM
 CVE-2023-38368 (IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 
could dis ...)
        NOT-FOR-US: IBM
-CVE-2024-37371
+CVE-2024-37371 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
cause inva ...)
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
-CVE-2024-37370
+CVE-2024-37370 (In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can 
modify the ...)
        - krb5 1.21.3-1
        NOTE: 
https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef 
(krb5-1.21.3-final)
 CVE-2024-5535 (Issue summary: Calling the OpenSSL API function 
SSL_select_next_proto  ...)
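Review bot: Per-release status is missing for both krb5 entries: CVE-2024-37371 and CVE-2024-37370 each consist only of "- krb5 1.21.3-1" and the NOTE with the upstream commit, with no [bookworm] or [bullseye] line and no advisory reference. The new descriptions ("before 1.21.3") agree with the recorded fixed version, so the open item is the stable releases: add a line per release once it is decided whether they get an update or a <no-dsa> style annotation like the one used for tpm2-tss later in this diff.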
@@ -1256,7 +1290,7 @@ CVE-2024-6268 (A vulnerability, which was classified as 
critical, has been found
 CVE-2024-4841 (A Path Traversal vulnerability exists in the 
parisneo/lollms-webui, sp ...)
        NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-39331 (In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el 
expands a % ...)
-       {DSA-5719-1 DSA-5718-1}
+       {DSA-5719-1 DSA-5718-1 DLA-3849-1 DLA-3848-1}
        - emacs 1:29.4+1-1 (bug #1074137)
        - org-mode 9.7.5+dfsg-1 (bug #1074136)
        [bookworm] - org-mode <ignored> (Produces only a dependency binary 
package)
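Review bot: The cross-reference line for CVE-2024-39331 gains DLA-3849-1 and DLA-3848-1, but this commit lists data/CVE/list as its only changed file, so the two DLA records themselves are defined outside this diff. Confirm that they exist and name emacs and org-mode respectively. The visible part of the entry only has a [bookworm] annotation for org-mode, so the versions fixed by the DLAs cannot be read from these lines.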
@@ -21503,7 +21537,7 @@ CVE-2023-38002 (IBM Storage Scale 5.1.0.0 through 
5.1.9.2 could allow an authent
 CVE-2023-36268 (An issue in The Document Foundation Libreoffice v.7.4.7 allows 
a remot ...)
        - libreoffice <unfixed> (unimportant)
        NOTE: Resource overload in desktop app, no security impact
-CVE-2024-29040
+CVE-2024-29040 (This repository hosts source code implementing the Trusted 
Computing G ...)
        - tpm2-tss 4.1.0-1 (bug #1070140)
        [bookworm] - tpm2-tss <no-dsa> (Minor issue)
        [bullseye] - tpm2-tss <no-dsa> (Minor issue)
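Review bot: The description added for CVE-2024-29040 is truncated inside the project's introductory sentence ("This repository hosts source code implementing the Trusted Computing G ...") and says nothing about the flaw itself. A reader of this entry has only bug #1070140 and the "Minor issue" annotations to go on, so a NOTE line that summarises the issue or links the upstream advisory would make the <no-dsa> decision for bookworm and bullseye reviewable from the entry.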



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9d7455610c65d238d7b9b2fafaeedd82be7c4cb
