Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,121 @@ +CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to Remote ...) + TODO: check +CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1 does not s ...) + TODO: check +CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site R ...) + TODO: check +CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Requ ...) + TODO: check +CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is vulnerab ...) + TODO: check +CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to arbitrary fi ...) + TODO: check +CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary fi ...) + TODO: check +CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cr ...) + TODO: check +CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized modific ...) + TODO: check +CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable to arbit ...) + TODO: check +CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary file uplo ...) + TODO: check +CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an authent ...) + TODO: check +CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked response hang ...) + TODO: check +CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is vulnerable t ...) + TODO: check +CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More! plugin for ...) + TODO: check +CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sa ...) + TODO: check +CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the jaraco/zipp libr ...) + TODO: check +CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika prior to ...) + TODO: check +CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly protect so ...) + TODO: check +CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable to arbit ...) + TODO: check +CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard Mobile VPN ...) + TODO: check +CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for WordPress ...) + TODO: check +CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabling th ...) + TODO: check +CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...) + TODO: check +CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows contains t ...) + TODO: check +CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver Application Ser ...) + TODO: check +CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated attacker to e ...) + TODO: check +CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password functionalit ...) + TODO: check +CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an author t ...) + TODO: check +CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation application ...) + TODO: check +CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation application ...) + TODO: check +CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read confiden ...) + TODO: check +CVE-2024-39592 (Elements of PDCE does not perform necessary authorization checks for a ...) + TODO: check +CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for Node.js. Depend ...) + TODO: check +CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo \u2013 Chat ...) + TODO: check +CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability in Zealo ...) + TODO: check +CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for ABAP and ...) + TODO: check +CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization check for a ...) + TODO: check +CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not sufficientl ...) + TODO: check +CVE-2024-37173 (Due to insufficient input validation, SAP CRM WebClient UI allows an ...) + TODO: check +CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not perform nec ...) + TODO: check +CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an attacke ...) + TODO: check +CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation ...) + TODO: check +CVE-2024-34692 (Due to missing verification of file type or content, SAP Enable Now al ...) + TODO: check +CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an authenticated atta ...) + TODO: check +CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver Knowled ...) + TODO: check +CVE-2024-28751 (An high privileged remote attacker can enable telnet access that accep ...) + TODO: check +CVE-2024-28750 (A remote attacker with high privileges may use a deleting file functio ...) + TODO: check +CVE-2024-28749 (A remote attacker with high privileges may use a writing file function ...) + TODO: check +CVE-2024-28748 (A remote attacker with high privileges may use a reading file function ...) + TODO: check +CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded credentials ...) + TODO: check +CVE-2024-22062 (There is a permissions and access control vulnerability in ZXCLOUD IRA ...) + TODO: check CVE-2024-37372 - nodejs <not-affected> (Only affect Node.js on Windows) NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low @@ -7,7 +125,7 @@ CVE-2024-22018 CVE-2024-36137 - nodejs <unfixed> NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fsfchownfchmod-bypasses-permission-model-cve-2024-36137---low -CVE-2024-22020 +CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import restrict ...) - nodejs <unfixed> NOTE: https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be induce ...) @@ -2530,7 +2648,7 @@ CVE-2024-29868 (Use of Cryptographically Weak Pseudo-Random Number Generator (PR NOT-FOR-US: Apache StreamPipes CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the atta ...) - jspwiki <removed> -CVE-2024-28882 +CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple exit noti ...) - openvpn 2.6.11-1 (bug #1074488) NOTE: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11) CVE-2024-5594 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01 -- This project does not include diff previews in email notifications. View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits