[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 25 09:12:40 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe6bb167 by security tracker role at 2024-09-25T08:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,108 @@
+CVE-2024-9073 (The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress ...)
+	TODO: check
+CVE-2024-9069 (The Graphicsly \u2013 The ultimate graphics plugin for WordPress websi ...)
+	TODO: check
+CVE-2024-9068 (The OneElements \u2013 Best Elementor Addons plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-9028 (The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-9027 (The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-9024 (The Material Design Icons plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2024-8910 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
+	TODO: check
+CVE-2024-8741 (The Beam me up Scotty \u2013 Back to Top Button plugin for WordPress i ...)
+	TODO: check
+CVE-2024-8713 (The Kodex Posts likes plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2024-8678 (The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-8668 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
+	TODO: check
+CVE-2024-8658 (The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and  ...)
+	TODO: check
+CVE-2024-8621 (The Daily Prayer Time plugin for WordPress is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-8549 (The Simple Calendar \u2013 Google Calendar Plugin plugin for WordPress ...)
+	TODO: check
+CVE-2024-8516 (The Themesflat Addons For Elementor plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-8515 (The Themesflat Addons For Elementor plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-8514 (The Prisna GWT \u2013 Google Website Translator plugin for WordPress i ...)
+	TODO: check
+CVE-2024-8497 (Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 poss ...)
+	TODO: check
+CVE-2024-8485 (The REST API TO MiniProgram plugin for WordPress is vulnerable to priv ...)
+	TODO: check
+CVE-2024-8484 (The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2024-8483 (The MAS Static Content plugin for WordPress is vulnerable to Informati ...)
+	TODO: check
+CVE-2024-8481 (The The Special Text Boxes plugin for WordPress is vulnerable to arbit ...)
+	TODO: check
+CVE-2024-8476 (The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2024-8434 (The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for Wo ...)
+	TODO: check
+CVE-2024-8350 (The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-8349 (The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-8291 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable t ...)
+	TODO: check
+CVE-2024-8290 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...)
+	TODO: check
+CVE-2024-8275 (The The Events Calendar plugin for WordPress is vulnerable to SQL Inje ...)
+	TODO: check
+CVE-2024-8175 (An unauthenticated remote attacker cancauses the CODESYS web server to ...)
+	TODO: check
+CVE-2024-7892 (The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF ch ...)
+	TODO: check
+CVE-2024-7878 (The WP ULike  WordPress plugin before 4.7.4 does not sanitise and esca ...)
+	TODO: check
+CVE-2024-7617 (The Contact Form to Any API plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2024-7491 (The HUSKY \u2013 Products Filter Professional for WooCommerce plugin f ...)
+	TODO: check
+CVE-2024-7426 (The Community by PeepSo \u2013 Social Network, Membership, Registratio ...)
+	TODO: check
+CVE-2024-7398 (Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vu ...)
+	TODO: check
+CVE-2024-7386 (The Premium Packages \u2013 Sell Digital Products Securely plugin for  ...)
+	TODO: check
+CVE-2024-7385 (The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-6845 (The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have p ...)
+	TODO: check
+CVE-2024-6590 (The Spreadsheet Integration \u2013 Automate Google Sheets With WordPre ...)
+	TODO: check
+CVE-2024-47303 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-46612 (IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key ...)
+	TODO: check
+CVE-2024-45373 (Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can chang ...)
+	TODO: check
+CVE-2024-45066 (A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP ...)
+	TODO: check
+CVE-2024-43693 (A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE  U ...)
+	TODO: check
+CVE-2024-43692 (An attacker can directly request the ProGauge MAGLINK LX CONSOLE  reso ...)
+	TODO: check
+CVE-2024-43423 (The web application for ProGauge MAGLINK LX4 CONSOLE contains an  admi ...)
+	TODO: check
+CVE-2024-41725 (ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on inpu ...)
+	TODO: check
+CVE-2024-40761 (Inadequate Encryption Strength vulnerability in Apache Answer.  This i ...)
+	TODO: check
+CVE-2024-3866 (The Ninja Forms Contact Form plugin for WordPress is vulnerable to Ref ...)
+	TODO: check
 CVE-2024-38809
 	- libspring-java <unfixed> (unimportant)
 	NOTE: https://spring.io/security/cve-2024-38809
 	NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
-CVE-2024-23454
+CVE-2024-23454 (Apache Hadoop\u2019s RunJar.run()does not set permissions for temporar ...)
 	- hadoop <itp> (bug #793644)
 CVE-2024-9148 (Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to  ...)
 	NOT-FOR-US: Flowise
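Review bot: The descriptions on several added lines (for example CVE-2024-9069, CVE-2024-9068 and CVE-2024-8910) and on the changed CVE-2024-23454 line contain the literal escape sequences `\u2013` and `\u2019` instead of the dash and apostrophe they encode, so the text seems to be written without decoding. Decoding the description before it is truncated would keep these summaries readable and stop each escape from using up six characters of the truncated width. Separately, all 50 added entries are left at `TODO: check`; those describing WordPress plugins and other software not packaged in Debian still need triage into the form the neighbouring `NOT-FOR-US: Flowise` entry uses.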
@@ -196061,7 +196161,7 @@ CVE-2022-28614 (The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlie
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
 	NOTE: https://github.com/apache/httpd/commit/8c14927162cf3b4f810683e1c5505e9ef9e1f123
-CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...)
+CVE-2022-28613 (A vulnerability exists in the HCI Modbus TCP function included in the  ...)
 	NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware
 CVE-2022-28610
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe6bb167b05534898cda4d6837c04b7205e321b4
