Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56860f1f by security tracker role at 2024-07-12T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2024-6677 (Privilege escalation in uberAgent)
+       TODO: check
+CVE-2024-6625 (The WP Total Branding \u2013 Complete branding solution for 
WordPress  ...)
+       TODO: check
+CVE-2024-6588 (The PowerPress Podcasting plugin by Blubrry plugin for 
WordPress is vu ...)
+       TODO: check
+CVE-2024-6555 (The WP Popups \u2013 WordPress Popup builder plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-6468 (Vault and Vault Enterprise did not properly handle requests 
originatin ...)
+       TODO: check
+CVE-2024-6396 (A vulnerability in the `_backup_run` function in aimhubio/aim 
version  ...)
+       TODO: check
+CVE-2024-6392 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-6024 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2024-6023 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2024-6022 (The ContentLock WordPress plugin through 1.0.3 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2024-5811 (The Simple Video Directory WordPress plugin before 1.4.4 does 
not sani ...)
+       TODO: check
+CVE-2024-5626 (The Inline Related Posts WordPress plugin before 3.7.0 does not 
saniti ...)
+       TODO: check
+CVE-2024-4753 (The WP Secure Maintenance WordPress plugin before 1.7 does not 
sanitis ...)
+       TODO: check
+CVE-2024-3112 (The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 
does n ...)
+       TODO: check
+CVE-2024-36435 (An issue was discovered on Supermicro BMC firmware in select 
X11, X12, ...)
+       TODO: check
+CVE-2024-2696 (The socialdriver-framework WordPress plugin before 2024.04.30 
does not ...)
+       TODO: check
+CVE-2024-2640 (The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise 
and es ...)
+       TODO: check
+CVE-2024-2430 (The Website Content in Page or Post WordPress plugin before 
2024.04.09 ...)
+       TODO: check
+CVE-2024-1375 (The Event post plugin for WordPress is vulnerable to 
unauthorized bulk ...)
+       TODO: check
+CVE-2024-0974 (The Social Media Widget WordPress plugin before 4.0.9 does not 
sanitis ...)
+       TODO: check
 CVE-2024-6681 (A vulnerability, which was classified as critical, has been 
found in w ...)
        TODO: check
 CVE-2024-6680 (A vulnerability classified as critical was found in witmy 
my-springsec ...)
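Review bot: all twenty new entries in this hunk are left at `TODO: check`, although sixteen of them (every one whose description names a WordPress plugin, from CVE-2024-6625 down to CVE-2024-0974) match the pattern the rest of this file already resolves as `NOT-FOR-US: WordPress plugin` (compare the CVE-2024-6550 and CVE-2024-5488 entries further down). Resolving those in the follow-up triage leaves only CVE-2024-6677 (uberAgent), CVE-2024-6468 (Vault), CVE-2024-6396 (aimhubio/aim) and CVE-2024-36435 (Supermicro BMC firmware) that actually need a check against the archive.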
@@ -345,7 +385,7 @@ CVE-2023-33859 (IBM Security QRadar EDR 3.12 could disclose 
sensitive informatio
        NOT-FOR-US: IBM
 CVE-2024-6550 (The Gravity Forms: Multiple Form Instances plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
-CVE-2024-6433 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+CVE-2024-6433 (The application zips all the files in the folder specified by 
the user ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-6422 (An unauthenticated remote attacker can manipulate the device 
via Telne ...)
        NOT-FOR-US: Pepperl+Fuchs SE
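Review bot: the refreshed CVE-2024-6433 description now opens with narrative text ("The application zips all the files ...") instead of the previous CWE-style title, so the tracker's fixed-width truncation cuts it off before any version information, whereas the old text at least carried "prior to ...". This is harmless here because the `NOT-FOR-US: stitionai/devika` annotation is unchanged, and the same observation applies to the other stitionai/devika description refreshes in this commit (CVE-2024-5549, -5711, -5887, -5821, -5926, -5712, -5820, -5548, -5547 and -5334); none of them needs a changed annotation.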
@@ -1358,7 +1398,7 @@ CVE-2024-5793 (The Houzez Theme - Functionality plugin 
for WordPress is vulnerab
 CVE-2024-5569 (A Denial of Service (DoS) vulnerability exists in the 
jaraco/zipp libr ...)
        - python-zipp 3.19.2-1
        NOTE: 
https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd 
(v3.19.1)
-CVE-2024-5549 (Origin Validation Error in GitHub repository stitionai/devika 
prior to ...)
+CVE-2024-5549 (A CORS misconfiguration in the stitionai/devika repository 
allows atta ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-5488 (The SEOPress  WordPress plugin before 7.9 does not properly 
protect so ...)
        NOT-FOR-US: WordPress plugin
@@ -1571,7 +1611,7 @@ CVE-2023-34435 (A firmware update vulnerability exists in 
the boa formUpload fun
        NOT-FOR-US: Realtek rtl819x Jungle SDK
 CVE-2024-6539 (A vulnerability classified as problematic has been found in 
heyewei Sp ...)
        NOT-FOR-US: heyewei SpringBootCMS
-CVE-2024-5711 (Cross-site Scripting (XSS) - Stored in GitHub repository 
stitionai/dev ...)
+CVE-2024-5711 (A stored Cross-Site Scripting (XSS) vulnerability exists in the 
stitio ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-39723 (IBM FlashSystem 5300 USB ports may be usable even if the port 
has been ...)
        NOT-FOR-US: IBM
@@ -1933,9 +1973,9 @@ CVE-2024-6126 (A flaw was found in the cockpit package. 
This flaw allows an auth
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2290859
 CVE-2024-6052 (Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 
2.1.0p45, and ...)
        - check-mk <removed>
-CVE-2024-5887 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+CVE-2024-5887 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
stitionai/ ...)
        NOT-FOR-US: stitionai/devika
-CVE-2024-5821 (Improper Access Control in stitionai/devika)
+CVE-2024-5821 (The vulnerability allows an attacker to access sensitive files 
on the  ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-5672 (A high privileged remote attacker canexecute arbitrary system 
commands ...)
        NOT-FOR-US: Red Lion Europe GmbH
@@ -2723,7 +2763,7 @@ CVE-2024-6415 (A vulnerability classified as problematic 
was found in Ingenico E
        NOT-FOR-US: ngenico Estate Manager
 CVE-2024-6414 (A vulnerability classified as problematic has been found in 
Parsec Aut ...)
        NOT-FOR-US: Parsec Automation TrakSYS
-CVE-2024-5926 (Path Traversal: '\..\filename' in GitHub repository 
stitionai/devika p ...)
+CVE-2024-5926 (A path traversal vulnerability in the get-project-files 
functionality  ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-39848 (Internet2 Grouper before 5.6 allows authentication bypass when 
LDAP au ...)
        NOT-FOR-US: Internet2 Grouper
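Review bot: not part of this change but visible in the context of this hunk: the CVE-2024-6415 annotation reads `NOT-FOR-US: ngenico Estate Manager`, dropping the leading "I" of Ingenico that the description line directly above spells correctly. Worth fixing in a follow-up so the vendor name is greppable.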
@@ -2794,7 +2834,7 @@ CVE-2024-5736 (Server Side Request Forgery (SSRF) 
vulnerability in AdmirorFrames
        NOT-FOR-US: AdmirorFrames Joomla! extension
 CVE-2024-5735 (Full Path Disclosure vulnerability in AdmirorFrames Joomla! 
extension  ...)
        NOT-FOR-US: AdmirorFrames Joomla! extension
-CVE-2024-5712 (Cross-Site Request Forgery (CSRF) in stitionai/devika)
+CVE-2024-5712 (A Cross-Site Request Forgery (CSRF) vulnerability was 
identified in th ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-5662 (The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, 
Post Car ...)
        NOT-FOR-US: WordPress plugin
@@ -3036,7 +3076,7 @@ CVE-2024-5824 (A path traversal vulnerability in the 
`/set_personality_config` e
        NOT-FOR-US: parisneo/lollms
 CVE-2024-5822 (A Server-Side Request Forgery (SSRF) vulnerability exists in 
the uploa ...)
        NOT-FOR-US: gaizhenbiao/ChuanhuChatGPT
-CVE-2024-5820 (Missing Authorization in stitionai/devika)
+CVE-2024-5820 (An unprotected WebSocket connection in the latest version of 
stitionai ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-5755 (In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass 
email v ...)
        NOT-FOR-US: lunary-ai/lunary
@@ -3046,11 +3086,11 @@ CVE-2024-5714 (In lunary-ai/lunary version 1.2.4, an 
improper access control vul
        NOT-FOR-US: lunary-ai/lunary
 CVE-2024-5710 (berriai/litellm version 1.34.34 is vulnerable to improper 
access contr ...)
        NOT-FOR-US: BerriAI/litellm
-CVE-2024-5548 (Path Traversal in GitHub repository stitionai/devika prior to 
-.)
+CVE-2024-5548 (A directory traversal vulnerability exists in the 
stitionai/devika rep ...)
        NOT-FOR-US: stitionai/devika
-CVE-2024-5547 (Relative Path Traversal in GitHub repository stitionai/devika 
prior to ...)
+CVE-2024-5547 (A directory traversal vulnerability exists in the 
/api/download-projec ...)
        NOT-FOR-US: stitionai/devika
-CVE-2024-5334 (External Control of File Name or Path in GitHub repository 
stitionai/d ...)
+CVE-2024-5334 (A local file read vulnerability exists in the stitionai/devika 
reposit ...)
        NOT-FOR-US: stitionai/devika
 CVE-2024-4983 (The The Plus Addons for Elementor \u2013 Elementor Addons, Page 
Templa ...)
        NOT-FOR-US: WordPress plugin
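Review bot: the removed CVE-2024-5548 line ended in `prior to -.`, i.e. it carried no usable version bound at all, so unlike the other stitionai/devika rewrites nothing is lost by replacing it with the new "directory traversal" wording; the `NOT-FOR-US` annotations for all three entries in this hunk stay valid.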
@@ -174566,8 +174606,8 @@ CVE-2022-29948 (Due to an insecure design, the Lepin 
EP-KP001 flash drive throug
        NOT-FOR-US: Lepin
 CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because 
web/src/com ...)
        - woodpecker <itp> (bug #1008934)
-CVE-2022-29946
-       RESERVED
+CVE-2022-29946 (NATS.io NATS Server before 2.8.2 and Streaming Server before 
0.24.6 co ...)
+       TODO: check
 CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast 
unencrypted info ...)
        NOT-FOR-US: DJI drone devices
 CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect 
compariso ...)
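Review bot: CVE-2022-29946 moves from `RESERVED` to a populated description, but is parked at `TODO: check`. Unlike the NOT-FOR-US churn elsewhere in this commit, the new text names concrete fixed versions (NATS Server before 2.8.2, Streaming Server before 0.24.6) for a two-year-old CVE, so the triage should compare those bounds against whatever NATS packaging exists in the archive rather than leaving the entry open; the CVE-2022-29947 context line above shows the `<itp> (bug #NNN)` form to use if the software is only at ITP stage.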



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56860f1f8210e367df4da62aadf481bd11e9151b

-- 
This project does not include diff previews in email notifications.
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
