Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: dba58818 by security tracker role at 2024-06-11T08:12:29+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,185 @@ +CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...) + TODO: check +CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to St ...) + TODO: check +CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to u ...) + TODO: check +CVE-2024-4266 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...) + TODO: check +CVE-2024-3723 (The Advanced Contact form 7 DB plugin for WordPress is vulnerable to S ...) + TODO: check +CVE-2024-3549 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) + TODO: check +CVE-2024-37289 (An improper access control vulnerability in Trend Micro Apex One could ...) + TODO: check +CVE-2024-37178 (SAP Financial Consolidation does not sufficiently encode user-controll ...) + TODO: check +CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web application thr ...) + TODO: check +CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an ...) + TODO: check +CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility. Versions prior ...) + TODO: check +CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely in Java ...) + TODO: check +CVE-2024-37166 (ghtml is software that uses tagged templates for template engine funct ...) + TODO: check +CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...) + TODO: check +CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerabl ...) + TODO: check +CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks between ve ...) + TODO: check +CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management (CRM) soft ...) + TODO: check +CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1 (commit ha ...) + TODO: check +CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) + TODO: check +CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security 20.x agent ...) + TODO: check +CVE-2024-36307 (A security agent link following vulnerability in Trend Micro Apex One ...) + TODO: check +CVE-2024-36306 (A link following vulnerability in the Trend Micro Apex One and Apex On ...) + TODO: check +CVE-2024-36305 (A security agent link following vulnerability in Trend Micro Apex One ...) + TODO: check +CVE-2024-36304 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) + TODO: check +CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One securit ...) + TODO: check +CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One securit ...) + TODO: check +CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_do ...) + TODO: check +CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...) + TODO: check +CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch prior to v ...) + TODO: check +CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform ...) + TODO: check +CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct proper autho ...) + TODO: check +CVE-2024-34688 (Due to unrestricted access to the Meta Model Repository services in SA ...) + TODO: check +CVE-2024-34686 (Due to insufficient input validation, SAP CRM WebClient UI allows an u ...) + TODO: check +CVE-2024-34684 (On Unix, SAP BusinessObjects Business Intelligence Platform (Schedulin ...) + TODO: check +CVE-2024-34683 (An authenticated attacker can upload malicious file to SAP Document Bu ...) + TODO: check +CVE-2024-33850 (Pexip Infinity before 34.1 has Improper Access Control for persons in ...) + TODO: check +CVE-2024-33001 (SAP NetWeaver and ABAP platform allows an attacker to impede performan ...) + TODO: check +CVE-2024-32849 (Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Esca ...) + TODO: check +CVE-2024-31404 (Insertion of sensitive information into sent data issue exists in Cybo ...) + TODO: check +CVE-2024-31403 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 ...) + TODO: check +CVE-2024-31402 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 ...) + TODO: check +CVE-2024-31401 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 al ...) + TODO: check +CVE-2024-31400 (Insertion of sensitive information into sent data issue exists in Cybo ...) + TODO: check +CVE-2024-31399 (Excessive platform resource consumption within a loop issue exists in ...) + TODO: check +CVE-2024-31398 (Insertion of sensitive information into sent data issue exists in Cybo ...) + TODO: check +CVE-2024-31397 (Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 ...) + TODO: check +CVE-2024-2473 (The WPS Hide Login plugin for WordPress is vulnerable to Login Page Di ...) + TODO: check +CVE-2024-29855 (Hard-coded JWT secret allows authentication bypass in Veeam Recovery O ...) + TODO: check +CVE-2024-28164 (SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthentica ...) + TODO: check +CVE-2024-27885 (This issue was addressed with improved validation of symlinks. This is ...) + TODO: check +CVE-2024-27857 (An out-of-bounds access issue was addressed with improved bounds check ...) + TODO: check +CVE-2024-27855 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2024-27851 (The issue was addressed with improved bounds checks. This issue is fix ...) + TODO: check +CVE-2024-27850 (This issue was addressed with improvements to the noise injection algo ...) + TODO: check +CVE-2024-27848 (This issue was addressed with improved permissions checking. This issu ...) + TODO: check +CVE-2024-27845 (A privacy issue was addressed with improved handling of temporary file ...) + TODO: check +CVE-2024-27844 (The issue was addressed with improved checks. This issue is fixed in v ...) + TODO: check +CVE-2024-27840 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27838 (The issue was addressed by adding additional logic. This issue is fixe ...) + TODO: check +CVE-2024-27836 (The issue was addressed with improved checks. This issue is fixed in v ...) + TODO: check +CVE-2024-27833 (An integer overflow was addressed with improved input validation. This ...) + TODO: check +CVE-2024-27832 (The issue was addressed with improved checks. This issue is fixed in t ...) + TODO: check +CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input validat ...) + TODO: check +CVE-2024-27830 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27828 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27820 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27819 (The issue was addressed by restricting options offered on a locked dev ...) + TODO: check +CVE-2024-27817 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input validat ...) + TODO: check +CVE-2024-27814 (This issue was addressed through improved state management. This issue ...) + TODO: check +CVE-2024-27812 (The issue was addressed with improvements to the file handling protoco ...) + TODO: check +CVE-2024-27811 (The issue was addressed with improved checks. This issue is fixed in t ...) + TODO: check +CVE-2024-27808 (The issue was addressed with improved memory handling. This issue is f ...) + TODO: check +CVE-2024-27807 (The issue was addressed with improved checks. This issue is fixed in i ...) + TODO: check +CVE-2024-27806 (This issue was addressed with improved environment sanitization. This ...) + TODO: check +CVE-2024-27805 (An issue was addressed with improved validation of environment variabl ...) + TODO: check +CVE-2024-27802 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2024-27801 (The issue was addressed with improved checks. This issue is fixed in t ...) + TODO: check +CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This issue i ...) + TODO: check +CVE-2024-27799 (This issue was addressed with additional entitlement checks. This issu ...) + TODO: check +CVE-2024-23282 (The issue was addressed with improved checks. This issue is fixed in m ...) + TODO: check +CVE-2024-23251 (An authentication issue was addressed with improved state management. ...) + TODO: check +CVE-2024-22261 (SQL-Injection in Harbor allows priviledge users to leak the task IDs) + TODO: check +CVE-2024-22244 (Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect ...) + TODO: check +CVE-2024-0653 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2024-0627 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-7264 (The Build App Online plugin for WordPress is vulnerable to account tak ...) + TODO: check +CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to Sensit ...) + TODO: check +CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to Stored ...) + TODO: check CVE-2024-5203 NOT-FOR-US: Keycloak CVE-2024-3183 @@ -146226,10 +146408,10 @@ CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memor NOT-FOR-US: golz4 (Golang interface to LZ4) CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...) NOT-FOR-US: btcsuite -CVE-2022-37020 - RESERVED -CVE-2022-37019 - RESERVED +CVE-2022-37020 (Potential vulnerabilities have been identified in the system BIOS for ...) + TODO: check +CVE-2022-37019 (Potential vulnerabilities have been identified in the system BIOS for ...) + TODO: check CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...) NOT-FOR-US: HPE CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...) @@ -314293,8 +314475,8 @@ CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manage NOT-FOR-US: Micro Focus CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...) NOT-FOR-US: Micro Focus -CVE-2020-11843 - RESERVED +CVE-2020-11843 (This allows the information exposure to unauthorized users.This issue ...) + TODO: check CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) NOT-FOR-US: Micro Focus CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) @@ -587532,7 +587714,7 @@ CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before upd NOT-FOR-US: JustSystems Sanshiro 2007 CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka Si ...) NOT-FOR-US: Gapless Player SimZip -CVE-2014-0808 (The lfCheckError function in data/class/pages/shopping/LC_Page_Shoppin ...) +CVE-2014-0808 (Authorization bypass through user-controlled key issue exists in EC-CU ...) NOT-FOR-US: LOCKON EC-CUBE CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...) NOT-FOR-US: LOCKON EC-CUBE View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits