Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe6bb167 by security tracker role at 2024-09-25T08:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,108 @@
+CVE-2024-9073 (The GutenGeek Free Gutenberg Blocks for WordPress plugin for
WordPress ...)
+ TODO: check
+CVE-2024-9069 (The Graphicsly \u2013 The ultimate graphics plugin for
WordPress websi ...)
+ TODO: check
+CVE-2024-9068 (The OneElements \u2013 Best Elementor Addons plugin for
WordPress is v ...)
+ TODO: check
+CVE-2024-9028 (The WP GPX Maps plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2024-9027 (The WPZOOM Shortcodes plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2024-9024 (The Material Design Icons plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2024-8910 (The HT Mega \u2013 Absolute Addons For Elementor plugin for
WordPress ...)
+ TODO: check
+CVE-2024-8741 (The Beam me up Scotty \u2013 Back to Top Button plugin for
WordPress i ...)
+ TODO: check
+CVE-2024-8713 (The Kodex Posts likes plugin for WordPress is vulnerable to
Reflected ...)
+ TODO: check
+CVE-2024-8678 (The Revolut Gateway for WooCommerce plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-8668 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +1 ...)
+ TODO: check
+CVE-2024-8658 (The myCred \u2013 Loyalty Points and Rewards plugin for
WordPress and ...)
+ TODO: check
+CVE-2024-8621 (The Daily Prayer Time plugin for WordPress is vulnerable to SQL
Inject ...)
+ TODO: check
+CVE-2024-8549 (The Simple Calendar \u2013 Google Calendar Plugin plugin for
WordPress ...)
+ TODO: check
+CVE-2024-8516 (The Themesflat Addons For Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-8515 (The Themesflat Addons For Elementor plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2024-8514 (The Prisna GWT \u2013 Google Website Translator plugin for
WordPress i ...)
+ TODO: check
+CVE-2024-8497 (Franklin Fueling Systems TS-550 EVO versions prior to
2.26.4.8967 poss ...)
+ TODO: check
+CVE-2024-8485 (The REST API TO MiniProgram plugin for WordPress is vulnerable
to priv ...)
+ TODO: check
+CVE-2024-8484 (The REST API TO MiniProgram plugin for WordPress is vulnerable
to SQL ...)
+ TODO: check
+CVE-2024-8483 (The MAS Static Content plugin for WordPress is vulnerable to
Informati ...)
+ TODO: check
+CVE-2024-8481 (The The Special Text Boxes plugin for WordPress is vulnerable
to arbit ...)
+ TODO: check
+CVE-2024-8476 (The Easy PayPal Events plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2024-8434 (The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin
for Wo ...)
+ TODO: check
+CVE-2024-8350 (The Uncanny Groups for LearnDash plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-8349 (The Uncanny Groups for LearnDash plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2024-8291 (Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are
vulnerable t ...)
+ TODO: check
+CVE-2024-8290 (The WCFM \u2013 Frontend Manager for WooCommerce along with
Bookings S ...)
+ TODO: check
+CVE-2024-8275 (The The Events Calendar plugin for WordPress is vulnerable to
SQL Inje ...)
+ TODO: check
+CVE-2024-8175 (An unauthenticated remote attacker cancauses the CODESYS web
server to ...)
+ TODO: check
+CVE-2024-7892 (The adstxt Plugin WordPress plugin through 1.0.0 does not have
CSRF ch ...)
+ TODO: check
+CVE-2024-7878 (The WP ULike WordPress plugin before 4.7.4 does not sanitise
and esca ...)
+ TODO: check
+CVE-2024-7617 (The Contact Form to Any API plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2024-7491 (The HUSKY \u2013 Products Filter Professional for WooCommerce
plugin f ...)
+ TODO: check
+CVE-2024-7426 (The Community by PeepSo \u2013 Social Network, Membership,
Registratio ...)
+ TODO: check
+CVE-2024-7398 (Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19
are vu ...)
+ TODO: check
+CVE-2024-7386 (The Premium Packages \u2013 Sell Digital Products Securely
plugin for ...)
+ TODO: check
+CVE-2024-7385 (The WordPress Simple HTML Sitemap plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2024-6845 (The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not
have p ...)
+ TODO: check
+CVE-2024-6590 (The Spreadsheet Integration \u2013 Automate Google Sheets With
WordPre ...)
+ TODO: check
+CVE-2024-47303 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-46612 (IceCMS v3.4.7 and before was discovered to contain a hardcoded
JWT key ...)
+ TODO: check
+CVE-2024-45373 (Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user
can chang ...)
+ TODO: check
+CVE-2024-45066 (A specially crafted POST request to the ProGauge MAGLINK LX
CONSOLE IP ...)
+ TODO: check
+CVE-2024-43693 (A specially crafted POST request to the ProGauge MAGLINK LX
CONSOLE U ...)
+ TODO: check
+CVE-2024-43692 (An attacker can directly request the ProGauge MAGLINK LX
CONSOLE reso ...)
+ TODO: check
+CVE-2024-43423 (The web application for ProGauge MAGLINK LX4 CONSOLE contains
an admi ...)
+ TODO: check
+CVE-2024-41725 (ProGauge MAGLINK LX CONSOLE does not have sufficient filtering
on inpu ...)
+ TODO: check
+CVE-2024-40761 (Inadequate Encryption Strength vulnerability in Apache Answer.
This i ...)
+ TODO: check
+CVE-2024-3866 (The Ninja Forms Contact Form plugin for WordPress is vulnerable
to Ref ...)
+ TODO: check
CVE-2024-38809
- libspring-java <unfixed> (unimportant)
NOTE: https://spring.io/security/cve-2024-38809
NOTE: Only supported for building applications shipped in Debian, see
README.Debian.security
-CVE-2024-23454
+CVE-2024-23454 (Apache Hadoop\u2019s RunJar.run()does not set permissions for
temporar ...)
- hadoop <itp> (bug #793644)
CVE-2024-9148 (Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability
due to ...)
NOT-FOR-US: Flowise
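Review bot: All 50 entries added at the top of data/CVE/list carry only TODO: check, so none of them has a disposition yet and each still needs manual triage. Most of the descriptions name WordPress plugins, which would normally be closed with a NOT-FOR-US: line in the form already used for CVE-2024-9148 (Flowise) in the trailing context. The entries naming Concrete CMS (CVE-2024-8291, CVE-2024-7398), Apache Answer (CVE-2024-40761), CODESYS (CVE-2024-8175) and IceCMS (CVE-2024-46612) should first be checked for a matching source package or ITP before they are marked. The CVE-2024-23454 line only gains its description and keeps hadoop <itp> (bug #793644), so it needs no follow-up.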
@@ -196061,7 +196161,7 @@ CVE-2022-28614 (The ap_rwrite() function in Apache
HTTP Server 2.4.53 and earlie
NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
NOTE:
https://github.com/apache/httpd/commit/8c14927162cf3b4f810683e1c5505e9ef9e1f123
-CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi
Energy RTU5 ...)
+CVE-2022-28613 (A vulnerability exists in the HCI Modbus TCP function included
in the ...)
NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series
CMU Firmware
CVE-2022-28610
RESERVED
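Review bot: In the CVE-2022-28613 entry the refreshed description is truncated before any product name ("... function included in the ..."), so the unchanged NOT-FOR-US: line is now the only visible place that identifies the Hitachi Energy RTU500 series CMU firmware. Keep that note's wording intact when later description syncs touch this entry; the disposition itself is unaffected by the change.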
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe6bb167b05534898cda4d6837c04b7205e321b4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits