[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 11 09:12:45 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dba58818 by security tracker role at 2024-06-11T08:12:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
+	TODO: check
+CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2024-4266 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...)
+	TODO: check
+CVE-2024-3723 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2024-3549 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2024-37289 (An improper access control vulnerability in Trend Micro Apex One could ...)
+	TODO: check
+CVE-2024-37178 (SAP Financial Consolidation does not sufficiently encode user-controll ...)
+	TODO: check
+CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web application thr ...)
+	TODO: check
+CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an  ...)
+	TODO: check
+CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior ...)
+	TODO: check
+CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely in Java ...)
+	TODO: check
+CVE-2024-37166 (ghtml is software that uses tagged templates for template engine funct ...)
+	TODO: check
+CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
+	TODO: check
+CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerabl ...)
+	TODO: check
+CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks between ve ...)
+	TODO: check
+CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
+	TODO: check
+CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
+	TODO: check
+CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...)
+	TODO: check
+CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 (commit ha ...)
+	TODO: check
+CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
+	TODO: check
+CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 20.x agent ...)
+	TODO: check
+CVE-2024-36307 (A security agent link following vulnerability in Trend Micro Apex One  ...)
+	TODO: check
+CVE-2024-36306 (A link following vulnerability in the Trend Micro Apex One and Apex On ...)
+	TODO: check
+CVE-2024-36305 (A security agent link following vulnerability in Trend Micro Apex One  ...)
+	TODO: check
+CVE-2024-36304 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One  ...)
+	TODO: check
+CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One securit ...)
+	TODO: check
+CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_do ...)
+	TODO: check
+CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...)
+	TODO: check
+CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...)
+	TODO: check
+CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform  ...)
+	TODO: check
+CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...)
+	TODO: check
+CVE-2024-34688 (Due to unrestricted access to the Meta Model Repository services in SA ...)
+	TODO: check
+CVE-2024-34686 (Due to insufficient input validation, SAP CRM WebClient UI allows an u ...)
+	TODO: check
+CVE-2024-34684 (On Unix, SAP BusinessObjects Business Intelligence Platform (Schedulin ...)
+	TODO: check
+CVE-2024-34683 (An authenticated attacker can upload malicious file to SAP Document Bu ...)
+	TODO: check
+CVE-2024-33850 (Pexip Infinity before 34.1 has Improper Access Control for persons in  ...)
+	TODO: check
+CVE-2024-33001 (SAP NetWeaver and ABAP platform allows an attacker to impede performan ...)
+	TODO: check
+CVE-2024-32849 (Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Esca ...)
+	TODO: check
+CVE-2024-31404 (Insertion of sensitive information into sent data issue exists in Cybo ...)
+	TODO: check
+CVE-2024-31403 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0  ...)
+	TODO: check
+CVE-2024-31402 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 ...)
+	TODO: check
+CVE-2024-31401 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 al ...)
+	TODO: check
+CVE-2024-31400 (Insertion of sensitive information into sent data issue exists in Cybo ...)
+	TODO: check
+CVE-2024-31399 (Excessive platform resource consumption within a loop issue exists in  ...)
+	TODO: check
+CVE-2024-31398 (Insertion of sensitive information into sent data issue exists in Cybo ...)
+	TODO: check
+CVE-2024-31397 (Improper handling of extra values issue exists in Cybozu Garoon 5.0.0  ...)
+	TODO: check
+CVE-2024-2473 (The WPS Hide Login plugin for WordPress is vulnerable to Login Page Di ...)
+	TODO: check
+CVE-2024-29855 (Hard-coded JWT secret allows authentication bypass in Veeam Recovery O ...)
+	TODO: check
+CVE-2024-28164 (SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthentica ...)
+	TODO: check
+CVE-2024-27885 (This issue was addressed with improved validation of symlinks. This is ...)
+	TODO: check
+CVE-2024-27857 (An out-of-bounds access issue was addressed with improved bounds check ...)
+	TODO: check
+CVE-2024-27855 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-27851 (The issue was addressed with improved bounds checks. This issue is fix ...)
+	TODO: check
+CVE-2024-27850 (This issue was addressed with improvements to the noise injection algo ...)
+	TODO: check
+CVE-2024-27848 (This issue was addressed with improved permissions checking. This issu ...)
+	TODO: check
+CVE-2024-27845 (A privacy issue was addressed with improved handling of temporary file ...)
+	TODO: check
+CVE-2024-27844 (The issue was addressed with improved checks. This issue is fixed in v ...)
+	TODO: check
+CVE-2024-27840 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-27838 (The issue was addressed by adding additional logic. This issue is fixe ...)
+	TODO: check
+CVE-2024-27836 (The issue was addressed with improved checks. This issue is fixed in v ...)
+	TODO: check
+CVE-2024-27833 (An integer overflow was addressed with improved input validation. This ...)
+	TODO: check
+CVE-2024-27832 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2024-27830 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-27828 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-27820 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-27819 (The issue was addressed by restricting options offered on a locked dev ...)
+	TODO: check
+CVE-2024-27817 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input validat ...)
+	TODO: check
+CVE-2024-27814 (This issue was addressed through improved state management. This issue ...)
+	TODO: check
+CVE-2024-27812 (The issue was addressed with improvements to the file handling protoco ...)
+	TODO: check
+CVE-2024-27811 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2024-27808 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2024-27807 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2024-27806 (This issue was addressed with improved environment sanitization. This  ...)
+	TODO: check
+CVE-2024-27805 (An issue was addressed with improved validation of environment variabl ...)
+	TODO: check
+CVE-2024-27802 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2024-27801 (The issue was addressed with improved checks. This issue is fixed in t ...)
+	TODO: check
+CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2024-27799 (This issue was addressed with additional entitlement checks. This issu ...)
+	TODO: check
+CVE-2024-23282 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2024-23251 (An authentication issue was addressed with improved state management.  ...)
+	TODO: check
+CVE-2024-22261 (SQL-Injection in Harbor allows priviledge users to leak the task IDs)
+	TODO: check
+CVE-2024-22244 (Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect ...)
+	TODO: check
+CVE-2024-0653 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-0627 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2023-7264 (The Build App Online plugin for WordPress is vulnerable to account tak ...)
+	TODO: check
+CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to Sensit ...)
+	TODO: check
+CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
 CVE-2024-5203
 	NOT-FOR-US: Keycloak
 CVE-2024-3183
@@ -146226,10 +146408,10 @@ CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memor
 	NOT-FOR-US: golz4 (Golang interface to LZ4)
 CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...)
 	NOT-FOR-US: btcsuite
-CVE-2022-37020
-	RESERVED
-CVE-2022-37019
-	RESERVED
+CVE-2022-37020 (Potential vulnerabilities have been identified in the system BIOS for  ...)
+	TODO: check
+CVE-2022-37019 (Potential vulnerabilities have been identified in the system BIOS for  ...)
+	TODO: check
 CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...)
 	NOT-FOR-US: HPE
 CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...)
@@ -314293,8 +314475,8 @@ CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manage
 	NOT-FOR-US: Micro Focus
 CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
 	NOT-FOR-US: Micro Focus
-CVE-2020-11843
-	RESERVED
+CVE-2020-11843 (This allows the information exposure to unauthorized users.This issue  ...)
+	TODO: check
 CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
@@ -587532,7 +587714,7 @@ CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before upd
 	NOT-FOR-US: JustSystems Sanshiro 2007
 CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka Si ...)
 	NOT-FOR-US: Gapless Player SimZip
-CVE-2014-0808 (The lfCheckError function in data/class/pages/shopping/LC_Page_Shoppin ...)
+CVE-2014-0808 (Authorization bypass through user-controlled key issue exists in EC-CU ...)
 	NOT-FOR-US: LOCKON EC-CUBE
 CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
 	NOT-FOR-US: LOCKON EC-CUBE



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240611/a55686c2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list