Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dba58818 by security tracker role at 2024-06-11T08:12:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2024-5530 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +1 ...)
+ TODO: check
+CVE-2024-5090 (The SiteOrigin Widgets Bundle plugin for WordPress is
vulnerable to St ...)
+ TODO: check
+CVE-2024-4319 (The Advanced Contact form 7 DB plugin for WordPress is
vulnerable to u ...)
+ TODO: check
+CVE-2024-4266 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form
Builder f ...)
+ TODO: check
+CVE-2024-3723 (The Advanced Contact form 7 DB plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2024-3549 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
+ TODO: check
+CVE-2024-37289 (An improper access control vulnerability in Trend Micro Apex
One could ...)
+ TODO: check
+CVE-2024-37178 (SAP Financial Consolidation does not sufficiently encode
user-controll ...)
+ TODO: check
+CVE-2024-37177 (SAP Financial Consolidation allows data to enter a Web
application thr ...)
+ TODO: check
+CVE-2024-37176 (SAP BW/4HANA Transformation and Data Transfer Process (DTP)
allows an ...)
+ TODO: check
+CVE-2024-37169 (@jmondi/url-to-png is a self-hosted URL to PNG utility.
Versions prior ...)
+ TODO: check
+CVE-2024-37168 (@grpc/grps-js implements the core functionality of gRPC purely
in Java ...)
+ TODO: check
+CVE-2024-37166 (ghtml is software that uses tagged templates for template
engine funct ...)
+ TODO: check
+CVE-2024-37130 (Dell OpenManage Server Administrator, versions 11.0.1.0 and
prior, con ...)
+ TODO: check
+CVE-2024-36473 (Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is
vulnerabl ...)
+ TODO: check
+CVE-2024-36471 (Import functionality is vulnerable to DNS rebinding attacks
between ve ...)
+ TODO: check
+CVE-2024-36419 (SuiteCRM is an open-source Customer Relationship Management
(CRM) soft ...)
+ TODO: check
+CVE-2024-36418 (SuiteCRM is an open-source Customer Relationship Management
(CRM) soft ...)
+ TODO: check
+CVE-2024-36416 (SuiteCRM is an open-source Customer Relationship Management
(CRM) soft ...)
+ TODO: check
+CVE-2024-36360 (OS command injection vulnerability exists in awkblog v0.0.1
(commit ha ...)
+ TODO: check
+CVE-2024-36359 (A cross-site scripting (XSS) vulnerability in Trend Micro
InterScan We ...)
+ TODO: check
+CVE-2024-36358 (A link following vulnerability in Trend Micro Deep Security
20.x agent ...)
+ TODO: check
+CVE-2024-36307 (A security agent link following vulnerability in Trend Micro
Apex One ...)
+ TODO: check
+CVE-2024-36306 (A link following vulnerability in the Trend Micro Apex One and
Apex On ...)
+ TODO: check
+CVE-2024-36305 (A security agent link following vulnerability in Trend Micro
Apex One ...)
+ TODO: check
+CVE-2024-36304 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro
Apex One ...)
+ TODO: check
+CVE-2024-36303 (An origin validation vulnerability in the Trend Micro Apex One
securit ...)
+ TODO: check
+CVE-2024-36302 (An origin validation vulnerability in the Trend Micro Apex One
securit ...)
+ TODO: check
+CVE-2024-35329 (libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in
yaml_do ...)
+ TODO: check
+CVE-2024-35242 (Composer is a dependency manager for PHP. On the 2.x branch
prior to v ...)
+ TODO: check
+CVE-2024-35241 (Composer is a dependency manager for PHP. On the 2.x branch
prior to v ...)
+ TODO: check
+CVE-2024-34691 (Manage Incoming Payment Files (F1680) of SAP S/4HANA does not
perform ...)
+ TODO: check
+CVE-2024-34690 (SAP Student Life Cycle Management (SLcM) fails to conduct
proper autho ...)
+ TODO: check
+CVE-2024-34688 (Due to unrestricted access to the Meta Model Repository
services in SA ...)
+ TODO: check
+CVE-2024-34686 (Due to insufficient input validation, SAP CRM WebClient UI
allows an u ...)
+ TODO: check
+CVE-2024-34684 (On Unix, SAP BusinessObjects Business Intelligence Platform
(Schedulin ...)
+ TODO: check
+CVE-2024-34683 (An authenticated attacker can upload malicious file to SAP
Document Bu ...)
+ TODO: check
+CVE-2024-33850 (Pexip Infinity before 34.1 has Improper Access Control for
persons in ...)
+ TODO: check
+CVE-2024-33001 (SAP NetWeaver and ABAP platform allows an attacker to impede
performan ...)
+ TODO: check
+CVE-2024-32849 (Trend Micro Security 17.x (Consumer) is vulnerable to a
Privilege Esca ...)
+ TODO: check
+CVE-2024-31404 (Insertion of sensitive information into sent data issue exists
in Cybo ...)
+ TODO: check
+CVE-2024-31403 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0
to 6.0.0 ...)
+ TODO: check
+CVE-2024-31402 (Incorrect authorization vulnerability in Cybozu Garoon 5.0.0
to 5.15.2 ...)
+ TODO: check
+CVE-2024-31401 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to
5.15.2 al ...)
+ TODO: check
+CVE-2024-31400 (Insertion of sensitive information into sent data issue exists
in Cybo ...)
+ TODO: check
+CVE-2024-31399 (Excessive platform resource consumption within a loop issue
exists in ...)
+ TODO: check
+CVE-2024-31398 (Insertion of sensitive information into sent data issue exists
in Cybo ...)
+ TODO: check
+CVE-2024-31397 (Improper handling of extra values issue exists in Cybozu
Garoon 5.0.0 ...)
+ TODO: check
+CVE-2024-2473 (The WPS Hide Login plugin for WordPress is vulnerable to Login
Page Di ...)
+ TODO: check
+CVE-2024-29855 (Hard-coded JWT secret allows authentication bypass in Veeam
Recovery O ...)
+ TODO: check
+CVE-2024-28164 (SAP NetWeaver AS Java (CAF - Guided Procedures) allows an
unauthentica ...)
+ TODO: check
+CVE-2024-27885 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2024-27857 (An out-of-bounds access issue was addressed with improved
bounds check ...)
+ TODO: check
+CVE-2024-27855 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-27851 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2024-27850 (This issue was addressed with improvements to the noise
injection algo ...)
+ TODO: check
+CVE-2024-27848 (This issue was addressed with improved permissions checking.
This issu ...)
+ TODO: check
+CVE-2024-27845 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2024-27844 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+ TODO: check
+CVE-2024-27840 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27838 (The issue was addressed by adding additional logic. This issue
is fixe ...)
+ TODO: check
+CVE-2024-27836 (The issue was addressed with improved checks. This issue is
fixed in v ...)
+ TODO: check
+CVE-2024-27833 (An integer overflow was addressed with improved input
validation. This ...)
+ TODO: check
+CVE-2024-27832 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2024-27831 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2024-27830 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-27828 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27820 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27819 (The issue was addressed by restricting options offered on a
locked dev ...)
+ TODO: check
+CVE-2024-27817 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-27815 (An out-of-bounds write issue was addressed with improved input
validat ...)
+ TODO: check
+CVE-2024-27814 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-27812 (The issue was addressed with improvements to the file handling
protoco ...)
+ TODO: check
+CVE-2024-27811 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2024-27808 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2024-27807 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-27806 (This issue was addressed with improved environment
sanitization. This ...)
+ TODO: check
+CVE-2024-27805 (An issue was addressed with improved validation of environment
variabl ...)
+ TODO: check
+CVE-2024-27802 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2024-27801 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2024-27800 (This issue was addressed by removing the vulnerable code. This
issue i ...)
+ TODO: check
+CVE-2024-27799 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2024-23282 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2024-23251 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2024-22261 (SQL-Injection in Harbor allows priviledge users to leak the
task IDs)
+ TODO: check
+CVE-2024-22244 (Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may
redirect ...)
+ TODO: check
+CVE-2024-0653 (The Custom Field Template plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-0627 (The Custom Field Template plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2023-7264 (The Build App Online plugin for WordPress is vulnerable to
account tak ...)
+ TODO: check
+CVE-2023-6748 (The Custom Field Template plugin for WordPress is vulnerable to
Sensit ...)
+ TODO: check
+CVE-2023-6745 (The Custom Field Template plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
CVE-2024-5203
NOT-FOR-US: Keycloak
CVE-2024-3183
@@ -146226,10 +146408,10 @@ CVE-2014-125026 (LZ4 bindings use a deprecated C
API that is vulnerable to memor
NOT-FOR-US: golz4 (Golang interface to LZ4)
CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn
may call ...)
NOT-FOR-US: btcsuite
-CVE-2022-37020
- RESERVED
-CVE-2022-37019
- RESERVED
+CVE-2022-37020 (Potential vulnerabilities have been identified in the system
BIOS for ...)
+ TODO: check
+CVE-2022-37019 (Potential vulnerabilities have been identified in the system
BIOS for ...)
+ TODO: check
CVE-2022-37018 (A potential vulnerability has been identified in the system
BIOS for c ...)
NOT-FOR-US: HPE
CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3
RU6/14.3 R ...)
@@ -314293,8 +314475,8 @@ CVE-2020-11845 (Cross Site Scripting vulnerability in
Micro Focus Service Manage
NOT-FOR-US: Micro Focus
CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container
Deploym ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11843
- RESERVED
+CVE-2020-11843 (This allows the information exposure to unauthorized
users.This issue ...)
+ TODO: check
CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream
Host In ...)
NOT-FOR-US: Micro Focus
CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro
Focus ArcSi ...)
@@ -587532,7 +587714,7 @@ CVE-2014-0810 (Unspecified vulnerability in
JustSystems Sanshiro 2007 before upd
NOT-FOR-US: JustSystems Sanshiro 2007
CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip
(aka Si ...)
NOT-FOR-US: Gapless Player SimZip
-CVE-2014-0808 (The lfCheckError function in
data/class/pages/shopping/LC_Page_Shoppin ...)
+CVE-2014-0808 (Authorization bypass through user-controlled key issue exists
in EC-CU ...)
NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON
EC-CUBE ...)
NOT-FOR-US: LOCKON EC-CUBE
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dba588184d96fe2e7da8ca92f5b03e56de7d4706
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
