Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to 
Remote  ...)
+       TODO: check
+CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1 
does not s ...)
+       TODO: check
+CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is 
vulnerable to Cr ...)
+       TODO: check
+CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary 
file uplo ...)
+       TODO: check
+CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an 
authent ...)
+       TODO: check
+CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked 
response hang ...)
+       TODO: check
+CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More! 
plugin for ...)
+       TODO: check
+CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does 
not sa ...)
+       TODO: check
+CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the 
jaraco/zipp libr ...)
+       TODO: check
+CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika 
prior to ...)
+       TODO: check
+CVE-2024-5488 (The SEOPress  WordPress plugin before 7.9 does not properly 
protect so ...)
+       TODO: check
+CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard 
Mobile VPN ...)
+       TODO: check
+CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires 
enabling th ...)
+       TODO: check
+CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not 
sanitise ...)
+       TODO: check
+CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows 
contains t ...)
+       TODO: check
+CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver 
Application Ser ...)
+       TODO: check
+CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated 
attacker to e ...)
+       TODO: check
+CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password 
functionalit ...)
+       TODO: check
+CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an 
author t ...)
+       TODO: check
+CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation 
application  ...)
+       TODO: check
+CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation 
application  ...)
+       TODO: check
+CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read 
confiden ...)
+       TODO: check
+CVE-2024-39592 (Elements of PDCE does not perform necessary authorization 
checks for a ...)
+       TODO: check
+CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for 
Node.js. Depend ...)
+       TODO: check
+CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo 
\u2013 Chat ...)
+       TODO: check
+CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Zealo ...)
+       TODO: check
+CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for 
ABAP and ...)
+       TODO: check
+CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization 
check for a ...)
+       TODO: check
+CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not 
sufficientl ...)
+       TODO: check
+CVE-2024-37173 (Due to insufficient input validation, SAP   CRM WebClient UI 
allows an ...)
+       TODO: check
+CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not 
perform nec ...)
+       TODO: check
+CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an 
attacke ...)
+       TODO: check
+CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd 
Generation  ...)
+       TODO: check
+CVE-2024-34692 (Due to missing verification of file type or content, SAP 
Enable Now al ...)
+       TODO: check
+CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an 
authenticated atta ...)
+       TODO: check
+CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver 
Knowled ...)
+       TODO: check
+CVE-2024-28751 (An high privileged remote attacker can enable telnet access 
that accep ...)
+       TODO: check
+CVE-2024-28750 (A remote attacker with high privileges may use a deleting file 
functio ...)
+       TODO: check
+CVE-2024-28749 (A remote attacker with high privileges may use a writing file 
function ...)
+       TODO: check
+CVE-2024-28748 (A remote attacker with high privileges may use a reading file 
function ...)
+       TODO: check
+CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded 
credentials  ...)
+       TODO: check
+CVE-2024-22062 (There is a permissions and access control vulnerability in 
ZXCLOUD IRA ...)
+       TODO: check
 CVE-2024-37372
        - nodejs <not-affected> (Only affect Node.js on Windows)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
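
Review bot: All 59 entries added at the top of data/CVE/list carry only "TODO: check", with no package line and no NOT-FOR-US marker, so none of them is triaged yet. The WordPress plugin and SAP entries look like candidates for the NOT-FOR-US form used further down for Apache StreamPipes, while the Undertow (CVE-2024-5971, CVE-2024-3653), jaraco/zipp (CVE-2024-5569) and Undici (CVE-2024-38372) entries name libraries and are worth checking against the archive first.
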
@@ -7,7 +125,7 @@ CVE-2024-22018
 CVE-2024-36137
        - nodejs <unfixed>
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fsfchownfchmod-bypasses-permission-model-cve-2024-36137---low
-CVE-2024-22020
+CVE-2024-22020 (A security flaw in Node.js  allows a bypass of network import 
restrict ...)
        - nodejs <unfixed>
        NOTE: 
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium
 CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be 
induce ...)
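
Review bot: CVE-2024-22020 gains its description here, but the entry stays at "- nodejs <unfixed>" with no bug reference, as does CVE-2024-36137 just above it. The NOTE URL rates the issue medium in the July 2024 Node.js security releases, so suggest adding a tracking bug, or the fixed version once one exists.
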
@@ -2530,7 +2648,7 @@ CVE-2024-29868 (Use of Cryptographically Weak 
Pseudo-Random Number Generator (PR
        NOT-FOR-US: Apache StreamPipes
 CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows 
the atta ...)
        - jspwiki <removed>
-CVE-2024-28882
+CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple 
exit noti ...)
        - openvpn 2.6.11-1 (bug #1074488)
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f
 (v2.6.11)
 CVE-2024-5594
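
Review bot: CVE-2024-5594 on the last context line is still without a description after this update, unlike CVE-2024-28882, which picks one up here; worth confirming whether it is still unpublished upstream. The new CVE-2024-28882 text ("OpenVPN 2.6.10 and earlier") agrees with the fixed version 2.6.11-1 and the v2.6.11 commit in the NOTE, so nothing to change there.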



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01
