[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 9 09:12:25 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to Remote ...)
+ TODO: check
+CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1 does not s ...)
+ TODO: check
+CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ TODO: check
+CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cr ...)
+ TODO: check
+CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized modific ...)
+ TODO: check
+CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+ TODO: check
+CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+ TODO: check
+CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+ TODO: check
+CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...)
+ TODO: check
+CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary file uplo ...)
+ TODO: check
+CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an authent ...)
+ TODO: check
+CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked response hang ...)
+ TODO: check
+CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More! plugin for ...)
+ TODO: check
+CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sa ...)
+ TODO: check
+CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...)
+ TODO: check
+CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika prior to ...)
+ TODO: check
+CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly protect so ...)
+ TODO: check
+CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable to arbit ...)
+ TODO: check
+CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard Mobile VPN ...)
+ TODO: check
+CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for WordPress ...)
+ TODO: check
+CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabling th ...)
+ TODO: check
+CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...)
+ TODO: check
+CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows contains t ...)
+ TODO: check
+CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver Application Ser ...)
+ TODO: check
+CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated attacker to e ...)
+ TODO: check
+CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password functionalit ...)
+ TODO: check
+CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an author t ...)
+ TODO: check
+CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation application ...)
+ TODO: check
+CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation application ...)
+ TODO: check
+CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read confiden ...)
+ TODO: check
+CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks for a ...)
+ TODO: check
+CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...)
+ TODO: check
+CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo \u2013 Chat ...)
+ TODO: check
+CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability in Zealo ...)
+ TODO: check
+CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for ABAP and ...)
+ TODO: check
+CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization check for a ...)
+ TODO: check
+CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not sufficientl ...)
+ TODO: check
+CVE-2024-37173 (Due to insufficient input validation, SAP CRM WebClient UI allows an ...)
+ TODO: check
+CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not perform nec ...)
+ TODO: check
+CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an attacke ...)
+ TODO: check
+CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation ...)
+ TODO: check
+CVE-2024-34692 (Due to missing verification of file type or content, SAP Enable Now al ...)
+ TODO: check
+CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an authenticated atta ...)
+ TODO: check
+CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver Knowled ...)
+ TODO: check
+CVE-2024-28751 (An high privileged remote attacker can enable telnet access that accep ...)
+ TODO: check
+CVE-2024-28750 (A remote attacker with high privileges may use a deleting file functio ...)
+ TODO: check
+CVE-2024-28749 (A remote attacker with high privileges may use a writing file function ...)
+ TODO: check
+CVE-2024-28748 (A remote attacker with high privileges may use a reading file function ...)
+ TODO: check
+CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded credentials ...)
+ TODO: check
+CVE-2024-22062 (There is a permissions and access control vulnerability in ZXCLOUD IRA ...)
+ TODO: check
CVE-2024-37372
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
@@ -7,7 +125,7 @@ CVE-2024-22018
CVE-2024-36137
- nodejs <unfixed>
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fsfchownfchmod-bypasses-permission-model-cve-2024-36137---low
-CVE-2024-22020
+CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import restrict ...)
- nodejs <unfixed>
NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium
CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...)
@@ -2530,7 +2648,7 @@ CVE-2024-29868 (Use of Cryptographically Weak Pseudo-Random Number Generator (PR
NOT-FOR-US: Apache StreamPipes
CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...)
- jspwiki <removed>
-CVE-2024-28882
+CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple exit noti ...)
- openvpn 2.6.11-1 (bug #1074488)
NOTE: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11)
CVE-2024-5594
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240709/a193f486/attachment.htm>
More information about the debian-security-tracker-commits
mailing list