Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9693d3f7 by security tracker role at 2024-07-24T08:11:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2024-7027 (The WooCommerce - PDF Vouchers plugin for WordPress is
vulnerable to a ...)
+ TODO: check
+CVE-2024-6930 (The WP Booking Calendar plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2024-6836 (The Funnel Builder for WordPress by FunnelKit \u2013 Customize
WooComm ...)
+ TODO: check
+CVE-2024-6756 (The Social Auto Poster plugin for WordPress is vulnerable to
arbitrary ...)
+ TODO: check
+CVE-2024-6755 (The Social Auto Poster plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-6754 (The Social Auto Poster plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-6753 (The Social Auto Poster plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-6752 (The Social Auto Poster plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2024-6751 (The Social Auto Poster plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2024-6750 (The Social Auto Poster plugin for WordPress is vulnerable to
unauthori ...)
+ TODO: check
+CVE-2024-6629 (The All-in-One Video Gallery plugin for WordPress is vulnerable
to Sto ...)
+ TODO: check
+CVE-2024-6571 (The Optimize Images ALT Text (alt tag) & names for SEO using AI
plugin ...)
+ TODO: check
+CVE-2024-6553 (The WP Meteor Website Speed Optimization Addon plugin for
WordPress is ...)
+ TODO: check
+CVE-2024-6094 (The WP ULike WordPress plugin before 4.7.1 does not sanitise
and esca ...)
+ TODO: check
+CVE-2024-5861 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress
is vul ...)
+ TODO: check
+CVE-2024-41656 (Sentry is an error tracking and performance monitoring
platform. Start ...)
+ TODO: check
+CVE-2024-3454 (An implementation issue in the Connectivity Standards Alliance
Matter ...)
+ TODO: check
+CVE-2024-3297 (An issue in the Certificate Authenticated Session Establishment
(CASE) ...)
+ TODO: check
+CVE-2024-3246 (The LiteSpeed Cache plugin for WordPress is vulnerable to
Cross-Site R ...)
+ TODO: check
+CVE-2024-39676 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-38176 (An improper restriction of excessive authentication attempts
in GroupM ...)
+ TODO: check
+CVE-2024-38164 (An improper access control vulnerability in GroupMe allows an
a unauth ...)
+ TODO: check
+CVE-2024-0981 (Okta Browser Plugin versions 6.5.0 through 6.31.0
(Chrome/Edge/Firefox ...)
+ TODO: check
+CVE-2023-48362 (XXE in the XML Format Plugin in Apache Drill version 1.19.0
and greate ...)
+ TODO: check
+CVE-2023-32471 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an
out-of-bou ...)
+ TODO: check
+CVE-2023-32466 (Dell Edge Gateway BIOS, versions 3200 and 5200, contains an
out-of-bou ...)
+ TODO: check
CVE-2024-7014 (EvilVideo vulnerability allows sending malicious apps disguised
as vid ...)
NOT-FOR-US: Telegram for Android
CVE-2024-6783 (A vulnerability has been discovered in Vue, that allows an
attacker to ...)
@@ -5138,7 +5190,7 @@ CVE-2023-51776 (Improper privilege management in Jungo
WinDriver before 12.1.0 a
NOT-FOR-US: Jungo WinDriver
CVE-2023-39324
REJECTED
-CVE-2024-40767
+CVE-2024-40767 (In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29
before 29.1. ...)
- nova <not-affected> (Incomplete fix/regression never introduced in
Debian as fix for CVE-2024-32498 complete)
CVE-2024-32498 (An issue was discovered in OpenStack Cinder through 24.0.0,
Glance bef ...)
- cinder <unfixed> (bug #1074763)
@@ -7421,14 +7473,14 @@ CVE-2023-3352 (The Smush plugin for WordPress is
vulnerable to unauthorized dele
NOT-FOR-US: WordPress plugin
CVE-2021-47621 (ClassGraph before 4.8.112 was not resistant to XML eXternal
Entity (XX ...)
NOT-FOR-US: ClassGraph
-CVE-2024-6874
+CVE-2024-6874 (libcurl's URL API function
[curl_url_get()](https://curl.se/libcurl/c/ ...)
- curl <unfixed>
[bookworm] - curl <not-affected> (Vulnerable code introduced later)
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2024-6874.html
NOTE: Introduced in:
https://github.com/curl/curl/commit/add22feeef07858307be5722e1869e082554290e
(curl-8_8_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/686d54baf1df6e0775898f484d1670742898b3b2
(curl-8_9_0)
-CVE-2024-6197 [freeing stack buffer in utf8asn1str]
+CVE-2024-6197 (libcurl's ASN1 parser has this utf8asn1str() function used for
parsing ...)
- curl <unfixed>
[bookworm] - curl <not-affected> (Vulnerable code introduced later)
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9693d3f7ede803e7772c5f0ca57b3c4322f69d16
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9693d3f7ede803e7772c5f0ca57b3c4322f69d16
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
