Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f41cc4b9 by security tracker role at 2024-07-13T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2024-6574 (The Laposta plugin for WordPress is vulnerable to Full Path
Disclosure ...)
+ TODO: check
+CVE-2024-6070 (The If-So Dynamic Content Personalization WordPress plugin
before 1.8. ...)
+ TODO: check
+CVE-2024-5902 (The User Feedback \u2013 Create Interactive Feedback Form, User
Survey ...)
+ TODO: check
+CVE-2024-5744 (The wp-eMember WordPress plugin before 10.6.7 does not escape
the $_SE ...)
+ TODO: check
+CVE-2024-5715 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5713 (The If-So Dynamic Content Personalization WordPress plugin
before 1.8. ...)
+ TODO: check
+CVE-2024-5644 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5627 (The Tournamatch WordPress plugin before 4.6.1 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5575 (The Ditty WordPress plugin before 3.1.43 does not sanitise and
escape ...)
+ TODO: check
+CVE-2024-5472 (The WP QuickLaTeX WordPress plugin before 3.8.7 does not
sanitise and ...)
+ TODO: check
+CVE-2024-5450 (The Bug Library WordPress plugin before 2.1.1 does not check
the file ...)
+ TODO: check
+CVE-2024-5442 (The Photo Gallery, Sliders, Proofing and WordPress plugin
before 3.5 ...)
+ TODO: check
+CVE-2024-5287 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not have ...)
+ TODO: check
+CVE-2024-5286 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not sanit ...)
+ TODO: check
+CVE-2024-5284 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not have ...)
+ TODO: check
+CVE-2024-5283 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not sanit ...)
+ TODO: check
+CVE-2024-5282 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not sanit ...)
+ TODO: check
+CVE-2024-5281 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not sanit ...)
+ TODO: check
+CVE-2024-5280 (The wp-affiliate-platform WordPress plugin before 6.5.1 does
not have ...)
+ TODO: check
+CVE-2024-5167 (The CM Email Registration Blacklist and Whitelist WordPress
plugin bef ...)
+ TODO: check
+CVE-2024-5151 (The SULly WordPress plugin before 4.3.1 does not sanitise and
escape s ...)
+ TODO: check
+CVE-2024-5080 (The wp-eMember WordPress plugin before 10.6.6 does not validate
files ...)
+ TODO: check
+CVE-2024-5079 (The wp-eMember WordPress plugin before 10.6.7 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5077 (The wp-eMember WordPress plugin before 10.6.6 does not have
CSRF check ...)
+ TODO: check
+CVE-2024-5076 (The wp-eMember WordPress plugin before 10.6.6 does not have
CSRF check ...)
+ TODO: check
+CVE-2024-5075 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5074 (The wp-eMember WordPress plugin before 10.6.6 does not sanitise
and es ...)
+ TODO: check
+CVE-2024-5034 (The SULly WordPress plugin before 4.3.1 does not have CSRF
checks in s ...)
+ TODO: check
+CVE-2024-5033 (The SULly WordPress plugin before 4.3.1 does not have CSRF
check in so ...)
+ TODO: check
+CVE-2024-5032 (The SULly WordPress plugin before 4.3.1 does not sanitise and
escape a ...)
+ TODO: check
+CVE-2024-5028 (The CM WordPress Search And Replace Plugin WordPress plugin
before 1.3 ...)
+ TODO: check
+CVE-2024-5002 (The User Submitted Posts WordPress plugin before 20240516 does
not sa ...)
+ TODO: check
+CVE-2024-4977 (The Index WP MySQL For Speed WordPress plugin before 1.4.18
does not s ...)
+ TODO: check
+CVE-2024-4752 (The EventON WordPress plugin before 2.2.15 does not sanitise
and escap ...)
+ TODO: check
+CVE-2024-4602 (The Embed Peertube Playlist WordPress plugin before 1.10 does
not sani ...)
+ TODO: check
+CVE-2024-4272 (The Support SVG WordPress plugin before 1.1.0 does not
sanitize SVG f ...)
+ TODO: check
+CVE-2024-4269 (The SVG Block WordPress plugin before 1.1.20 does not sanitize
SVG fil ...)
+ TODO: check
+CVE-2024-4217 (The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does
not pro ...)
+ TODO: check
+CVE-2024-3964 (The Product Enquiry for WooCommerce WordPress plugin before
3.1.8 does ...)
+ TODO: check
+CVE-2024-3963 (The Giveaways and Contests by RafflePress WordPress plugin
before 1.1 ...)
+ TODO: check
+CVE-2024-3919 (The OpenPGP Form Encryption for WordPress plugin before 1.5.1
does not ...)
+ TODO: check
+CVE-2024-3753 (The Hostel WordPress plugin before 1.1.5.3 does not sanitise
and escap ...)
+ TODO: check
+CVE-2024-3751 (The Seriously Simple Podcasting WordPress plugin before 3.3.0
does not ...)
+ TODO: check
+CVE-2024-3710 (The Image Photo Gallery Final Tiles Grid WordPress plugin
before 3.6.0 ...)
+ TODO: check
+CVE-2024-3632 (The Smart Image Gallery WordPress plugin before 1.0.19 does not
have C ...)
+ TODO: check
+CVE-2024-3026 (The WordPress Button Plugin MaxButtons WordPress plugin before
9.7.8 d ...)
+ TODO: check
+CVE-2024-31947 (StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26
allows Dir ...)
+ TODO: check
+CVE-2024-30213 (StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26
allows rem ...)
+ TODO: check
+CVE-2024-2870 (The socialdriver-framework WordPress plugin before 2024.04.30
does not ...)
+ TODO: check
CVE-2024-6495 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2024-6353 (The Wallet for WooCommerce plugin for WordPress is vulnerable
to SQL I ...)
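Review bot: The added CVE-2024-5902 line carries a literal "\u2013" in its description where a dash character belongs; the escape should be decoded (or replaced with a plain hyphen) before the text lands in data/CVE/list. Separately, every added entry is left at "TODO: check": the WordPress plugin ones follow the same pattern as the existing CVE-2024-6495 entry just below them, which is resolved as "NOT-FOR-US: WordPress plugin", while the two StoneFly Storage Concentrator entries (CVE-2024-31947, CVE-2024-30213) need their own triage decision.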
@@ -2282,14 +2380,14 @@ CVE-2024-6501 (A flaw was found in NetworkManager. When
a system running Network
[bookworm] - network-manager <no-dsa> (Minor issue)
[bullseye] - network-manager <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
-CVE-2023-39329 [Resource exhaustion will occur in the opj_t1_decode_cblks
function in the tcd.c]
+CVE-2023-39329 (A flaw was found in OpenJPEG. A resource exhaustion can occur
in the o ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1474
CVE-2023-39328 (A vulnerability was found in OpenJPEG similar to
CVE-2019-6988. This f ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1471
NOTE: https://github.com/uclouvain/openjpeg/pull/1470
-CVE-2023-39327 [Malicious files can cause the program to enter a large loop]
+CVE-2023-39327 (A flaw was found in OpenJPEG. Maliciously constructed pictures
can cau ...)
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1472
CVE-2024-6526 (A vulnerability classified as problematic has been found in
CodeIgnite ...)
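Review bot: Both CVE-2023-39329 and CVE-2023-39327 still read "- openjpeg2 <unfixed>" with only an upstream issue link, and carry no per-release lines such as the [bookworm]/[bullseye] entries on the network-manager item at the top of this hunk. With the bracketed descriptions now replaced by the parenthesised ones, consider recording the release status for these two (CVE-2023-39328 sits between them in the same state) and adding a fix reference once upstream has one.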
@@ -3277,7 +3375,7 @@ CVE-2024-36387 (Serving WebSocket protocol upgrades over
a HTTP/2 connection cou
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
NOTE:
https://github.com/apache/httpd/commit/62aa64e5aea21dd969db97aded4443c98c0735ac
NOTE: (see also
https://svn.apache.org/viewvc?view=revision&revision=1918557)
-CVE-2024-6409 (A signal handler race condition vulnerability was found in
OpenSSH's s ...)
+CVE-2024-6409 (A race condition vulnerability was discovered in how signals
are handl ...)
- openssh <not-affected> (Exploitable issue in RHEL9 packaged versions)
NOTE: https://www.openwall.com/lists/oss-security/2024/07/08/2
CVE-2024-6387 (A security regression (CVE-2006-5051) was discovered in
OpenSSH's serv ...)
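Review bot: On CVE-2024-6409 the "<not-affected>" reason, "Exploitable issue in RHEL9 packaged versions", says where the issue is exploitable but not why the Debian openssh package is outside its scope. A short NOTE stating that reason next to the oss-security link would let readers verify the status without following the link; the reworded description also no longer names OpenSSH in its visible part, so the package line is the only place the product appears.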
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f41cc4b96c7263ccb11006f550f1211a052c6974
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits