Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
252eefd7 by security tracker role at 2024-07-09T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-6365 (The Product Table by WBW plugin for WordPress is vulnerable to
Remote ...)
+ TODO: check
+CVE-2024-6334 (The Easy Table of Contents WordPress plugin before 2.0.67.1
does not s ...)
+ TODO: check
+CVE-2024-6321 (The ScrollTo Bottom plugin for WordPress is vulnerable to
Cross-Site R ...)
+ TODO: check
+CVE-2024-6320 (The ScrollTo Top plugin for WordPress is vulnerable to
Cross-Site Requ ...)
+ TODO: check
+CVE-2024-6317 (The Generate PDF using Contact Form 7 plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-6316 (The Generate PDF using Contact Form 7 plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2024-6314 (The IQ Testimonials plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2024-6313 (The Gutenberg Forms plugin for WordPress is vulnerable to
arbitrary fi ...)
+ TODO: check
+CVE-2024-6310 (The Advanced AJAX Page Loader plugin for WordPress is
vulnerable to Cr ...)
+ TODO: check
+CVE-2024-6309 (The Attachment File Icons (AF Icons) plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2024-6180 (The EventON plugin for WordPress is vulnerable to unauthorized
modific ...)
+ TODO: check
+CVE-2024-6171 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-6170 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-6169 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-6166 (The Unlimited Elements For Elementor (Free Widgets, Addons,
Templates) ...)
+ TODO: check
+CVE-2024-6161 (The Default Thumbnail Plus plugin for WordPress is vulnerable
to arbit ...)
+ TODO: check
+CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary
file uplo ...)
+ TODO: check
+CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an
authent ...)
+ TODO: check
+CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked
response hang ...)
+ TODO: check
+CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-5855 (The Media Hygiene: Remove or Delete Unused Images and More!
plugin for ...)
+ TODO: check
+CVE-2024-5802 (The URL Shortener by Myhop WordPress plugin through 1.0.17 does
not sa ...)
+ TODO: check
+CVE-2024-5793 (The Houzez Theme - Functionality plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the
jaraco/zipp libr ...)
+ TODO: check
+CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika
prior to ...)
+ TODO: check
+CVE-2024-5488 (The SEOPress WordPress plugin before 7.9 does not properly
protect so ...)
+ TODO: check
+CVE-2024-5441 (The Modern Events Calendar plugin for WordPress is vulnerable
to arbit ...)
+ TODO: check
+CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard
Mobile VPN ...)
+ TODO: check
+CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for
WordPress ...)
+ TODO: check
+CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires
enabling th ...)
+ TODO: check
+CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not
sanitise ...)
+ TODO: check
+CVE-2024-39600 (Under certain conditions, the memory of SAP GUI for Windows
contains t ...)
+ TODO: check
+CVE-2024-39599 (Due to a Protection Mechanism Failure in SAP NetWeaver
Application Ser ...)
+ TODO: check
+CVE-2024-39598 (SAP CRM (WebClient UI Framework) allows an authenticated
attacker to e ...)
+ TODO: check
+CVE-2024-39597 (In SAP Commerce, a user can misuse the forgotten password
functionalit ...)
+ TODO: check
+CVE-2024-39596 (Due to missing authorization checks, SAP Enable Now allows an
author t ...)
+ TODO: check
+CVE-2024-39595 (SAP Business Warehouse - Business Planning and Simulation
application ...)
+ TODO: check
+CVE-2024-39594 (SAP Business Warehouse - Business Planning and Simulation
application ...)
+ TODO: check
+CVE-2024-39593 (SAP Landscape Management allows an authenticated user to read
confiden ...)
+ TODO: check
+CVE-2024-39592 (Elements of PDCE does not perform necessary authorization
checks for a ...)
+ TODO: check
+CVE-2024-38372 (Undici is an HTTP/1.1 client, written from scratch for
Node.js. Depend ...)
+ TODO: check
+CVE-2024-37923 (Cross-Site Request Forgery (CSRF) vulnerability in Cliengo
\u2013 Chat ...)
+ TODO: check
+CVE-2024-37555 (Unrestricted Upload of File with Dangerous Type vulnerability
in Zealo ...)
+ TODO: check
+CVE-2024-37180 (Under certain conditions SAP NetWeaver Application Server for
ABAP and ...)
+ TODO: check
+CVE-2024-37175 (SAP CRM WebClient does not perform necessary authorization
check for a ...)
+ TODO: check
+CVE-2024-37174 (Custom CSS support option in SAP CRM WebClient UI does not
sufficientl ...)
+ TODO: check
+CVE-2024-37173 (Due to insufficient input validation, SAP CRM WebClient UI
allows an ...)
+ TODO: check
+CVE-2024-37172 (SAP S/4HANA Finance (Advanced Payment Management) does not
perform nec ...)
+ TODO: check
+CVE-2024-37171 (SAP Transportation Management (Collaboration Portal) allows an
attacke ...)
+ TODO: check
+CVE-2024-34786 (UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd
Generation ...)
+ TODO: check
+CVE-2024-34692 (Due to missing verification of file type or content, SAP
Enable Now al ...)
+ TODO: check
+CVE-2024-34689 (WebFlow Services of SAP Business Workflow allows an
authenticated atta ...)
+ TODO: check
+CVE-2024-34685 (Due to weak encoding of user-controlled input in SAP NetWeaver
Knowled ...)
+ TODO: check
+CVE-2024-28751 (An high privileged remote attacker can enable telnet access
that accep ...)
+ TODO: check
+CVE-2024-28750 (A remote attacker with high privileges may use a deleting file
functio ...)
+ TODO: check
+CVE-2024-28749 (A remote attacker with high privileges may use a writing file
function ...)
+ TODO: check
+CVE-2024-28748 (A remote attacker with high privileges may use a reading file
function ...)
+ TODO: check
+CVE-2024-28747 (An unauthenticated remote attacker can use the hard-coded
credentials ...)
+ TODO: check
+CVE-2024-22062 (There is a permissions and access control vulnerability in
ZXCLOUD IRA ...)
+ TODO: check
CVE-2024-37372
- nodejs <not-affected> (Only affect Node.js on Windows)
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#permission-model-improperly-processes-unc-paths-cve-2024-37372---low
@@ -7,7 +125,7 @@ CVE-2024-22018
CVE-2024-36137
- nodejs <unfixed>
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#fsfchownfchmod-bypasses-permission-model-cve-2024-36137---low
-CVE-2024-22020
+CVE-2024-22020 (A security flaw in Node.js allows a bypass of network import
restrict ...)
- nodejs <unfixed>
NOTE:
https://nodejs.org/en/blog/vulnerability/july-2024-security-releases#bypass-network-import-restriction-via-data-url-cve-2024-22020---medium
CVE-2024-6580 (The /n software IPWorks SSH library SFTPServer component can be
induce ...)
@@ -2530,7 +2648,7 @@ CVE-2024-29868 (Use of Cryptographically Weak
Pseudo-Random Number Generator (PR
NOT-FOR-US: Apache StreamPipes
CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows
the atta ...)
- jspwiki <removed>
-CVE-2024-28882
+CVE-2024-28882 (OpenVPN 2.6.10 and earlier in a server role accepts multiple
exit noti ...)
- openvpn 2.6.11-1 (bug #1074488)
NOTE:
https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f
(v2.6.11)
CVE-2024-5594
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01
--
This project does not include diff previews in email notifications.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/252eefd72ea9d9a671362c9bab5b7f88a1fb3f01
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
