[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 12 09:12:26 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
56860f1f by security tracker role at 2024-07-12T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-6677 (Privilege escalation in uberAgent)
+ TODO: check
+CVE-2024-6625 (The WP Total Branding \u2013 Complete branding solution for WordPress ...)
+ TODO: check
+CVE-2024-6588 (The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-6555 (The WP Popups \u2013 WordPress Popup builder plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-6468 (Vault and Vault Enterprise did not properly handle requests originatin ...)
+ TODO: check
+CVE-2024-6396 (A vulnerability in the `_backup_run` function in aimhubio/aim version ...)
+ TODO: check
+CVE-2024-6392 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress ...)
+ TODO: check
+CVE-2024-6024 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-6023 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-6022 (The ContentLock WordPress plugin through 1.0.3 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-5811 (The Simple Video Directory WordPress plugin before 1.4.4 does not sani ...)
+ TODO: check
+CVE-2024-5626 (The Inline Related Posts WordPress plugin before 3.7.0 does not saniti ...)
+ TODO: check
+CVE-2024-4753 (The WP Secure Maintenance WordPress plugin before 1.7 does not sanitis ...)
+ TODO: check
+CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does n ...)
+ TODO: check
+CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select X11, X12, ...)
+ TODO: check
+CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 does not ...)
+ TODO: check
+CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and es ...)
+ TODO: check
+CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 2024.04.09 ...)
+ TODO: check
+CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to unauthorized bulk ...)
+ TODO: check
+CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not sanitis ...)
+ TODO: check
CVE-2024-6681 (A vulnerability, which was classified as critical, has been found in w ...)
TODO: check
CVE-2024-6680 (A vulnerability classified as critical was found in witmy my-springsec ...)
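Review bot: 16 of the 20 new entries in this hunk are WordPress plugin advisories (CVE-2024-6625, -6588, -6555, -6392, -6024, -6023, -6022, -5811, -5626, -4753, -3112, -2696, -2640, -2430, -1375, -0974) left at `TODO: check`, while elsewhere in this same diff entries of that kind are already triaged as `NOT-FOR-US: WordPress plugin` (CVE-2024-6550, CVE-2024-5488); these can follow the same classification once the plugin name is confirmed not to match a Debian source package, and the three ContentLock entries (CVE-2024-6022/6023/6024, identical descriptions) can be handled together. The remaining four (CVE-2024-6677 uberAgent, CVE-2024-6468 Vault, CVE-2024-6396 aimhubio/aim, CVE-2024-36435 Supermicro BMC firmware) each need a source-package lookup before the TODO is resolved.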
@@ -345,7 +385,7 @@ CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose sensitive informatio
NOT-FOR-US: IBM
CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
+CVE-2024-6433 (The application zips all the files in the folder specified by the user ...)
NOT-FOR-US: stitionai/devika
CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device via Telne ...)
NOT-FOR-US: Pepperl+Fuchs SE
@@ -1358,7 +1398,7 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerab
CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...)
- python-zipp 3.19.2-1
NOTE: https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd (v3.19.1)
-CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika prior to ...)
+CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository allows atta ...)
NOT-FOR-US: stitionai/devika
CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly protect so ...)
NOT-FOR-US: WordPress plugin
@@ -1571,7 +1611,7 @@ CVE-2023-34435 (A firmware update vulnerability exists in the boa formUpload fun
NOT-FOR-US: Realtek rtl819x Jungle SDK
CVE-2024-6539 (A vulnerability classified as problematic has been found in heyewei Sp ...)
NOT-FOR-US: heyewei SpringBootCMS
-CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/dev ...)
+CVE-2024-5711 (A stored Cross-Site Scripting (XSS) vulnerability exists in the stitio ...)
NOT-FOR-US: stitionai/devika
CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port has been ...)
NOT-FOR-US: IBM
@@ -1933,9 +1973,9 @@ CVE-2024-6126 (A flaw was found in the cockpit package. This flaw allows an auth
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and ...)
- check-mk <removed>
-CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+CVE-2024-5887 (A Cross-Site Request Forgery (CSRF) vulnerability exists in stitionai/ ...)
NOT-FOR-US: stitionai/devika
-CVE-2024-5821 (Improper Access Control in stitionai/devika)
+CVE-2024-5821 (The vulnerability allows an attacker to access sensitive files on the ...)
NOT-FOR-US: stitionai/devika
CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system commands ...)
NOT-FOR-US: Red Lion Europe GmbH
@@ -2723,7 +2763,7 @@ CVE-2024-6415 (A vulnerability classified as problematic was found in Ingenico E
NOT-FOR-US: ngenico Estate Manager
CVE-2024-6414 (A vulnerability classified as problematic has been found in Parsec Aut ...)
NOT-FOR-US: Parsec Automation TrakSYS
-CVE-2024-5926 (Path Traversal: '\..\filename' in GitHub repository stitionai/devika p ...)
+CVE-2024-5926 (A path traversal vulnerability in the get-project-files functionality ...)
NOT-FOR-US: stitionai/devika
CVE-2024-39848 (Internet2 Grouper before 5.6 allows authentication bypass when LDAP au ...)
NOT-FOR-US: Internet2 Grouper
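Review bot: the context line `NOT-FOR-US: ngenico Estate Manager` in this hunk is missing the first letter of the vendor name; the hunk header's description for CVE-2024-6415 reads `Ingenico E...`, so the classification should be `NOT-FOR-US: Ingenico Estate Manager`. Not introduced by this automatic update, but worth correcting in a follow-up commit.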
@@ -2794,7 +2834,7 @@ CVE-2024-5736 (Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames
NOT-FOR-US: AdmirorFrames Joomla! extension
CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension ...)
NOT-FOR-US: AdmirorFrames Joomla! extension
-CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+CVE-2024-5712 (A Cross-Site Request Forgery (CSRF) vulnerability was identified in th ...)
NOT-FOR-US: stitionai/devika
CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Car ...)
NOT-FOR-US: WordPress plugin
@@ -3036,7 +3076,7 @@ CVE-2024-5824 (A path traversal vulnerability in the `/set_personality_config` e
NOT-FOR-US: parisneo/lollms
CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in the uploa ...)
NOT-FOR-US: gaizhenbiao/ChuanhuChatGPT
-CVE-2024-5820 (Missing Authorization in stitionai/devika)
+CVE-2024-5820 (An unprotected WebSocket connection in the latest version of stitionai ...)
NOT-FOR-US: stitionai/devika
CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email v ...)
NOT-FOR-US: lunary-ai/lunary
@@ -3046,11 +3086,11 @@ CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an improper access control vul
NOT-FOR-US: lunary-ai/lunary
CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper access contr ...)
NOT-FOR-US: BerriAI/litellm
-CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to -.)
+CVE-2024-5548 (A directory traversal vulnerability exists in the stitionai/devika rep ...)
NOT-FOR-US: stitionai/devika
-CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika prior to ...)
+CVE-2024-5547 (A directory traversal vulnerability exists in the /api/download-projec ...)
NOT-FOR-US: stitionai/devika
-CVE-2024-5334 (External Control of File Name or Path in GitHub repository stitionai/d ...)
+CVE-2024-5334 (A local file read vulnerability exists in the stitionai/devika reposit ...)
NOT-FOR-US: stitionai/devika
CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templa ...)
NOT-FOR-US: WordPress plugin
@@ -174566,8 +174606,8 @@ CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive throug
NOT-FOR-US: Lepin
CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because web/src/com ...)
- woodpecker <itp> (bug #1008934)
-CVE-2022-29946
- RESERVED
+CVE-2022-29946 (NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 co ...)
+ TODO: check
CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypted info ...)
NOT-FOR-US: DJI drone devices
CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
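Review bot: CVE-2022-29946 changes from `RESERVED` to a populated description (NATS Server before 2.8.2, Streaming Server before 0.24.6) with `TODO: check`; a 2022 CVE published this late is easy to overlook among the 2024 TODOs, so the triage should explicitly check whether a NATS server source package exists in Debian and, if so, which suites carry an affected version, rather than leaving the entry at TODO.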
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56860f1f8210e367df4da62aadf481bd11e9151b