[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 15 09:12:14 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f33239cd by security tracker role at 2024-04-15T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,189 @@
+CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly restrict ...)
+ TODO: check
+CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access control, ...)
+ TODO: check
+CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is not prope ...)
+ TODO: check
+CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files using y ...)
+ TODO: check
+CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end retrieval of sy ...)
+ TODO: check
+CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 all ...)
+ TODO: check
+CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 3.20 and ...)
+ TODO: check
+CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record System 3.2 ...)
+ TODO: check
+CVE-2024-3769 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2024-3768 (A vulnerability, which was classified as critical, has been found in P ...)
+ TODO: check
+CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul News Po ...)
+ TODO: check
+CVE-2024-3766 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai AHB7804R- ...)
+ TODO: check
+CVE-2024-3764 (A vulnerability classified as problematic has been found in Tuya Camer ...)
+ TODO: check
+CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been rated as pr ...)
+ TODO: check
+CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been declared as ...)
+ TODO: check
+CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component does ...)
+ TODO: check
+CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
+ TODO: check
+CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
+ TODO: check
+CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...)
+ TODO: check
+CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appoi ...)
+ TODO: check
+CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP EasyCart.This is ...)
+ TODO: check
+CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages.T ...)
+ TODO: check
+CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team WpT ...)
+ TODO: check
+CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie RestroPr ...)
+ TODO: check
+CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in VideoYield.Com Ads. ...)
+ TODO: check
+CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...)
+ TODO: check
+CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...)
+ TODO: check
+CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team We ...)
+ TODO: check
+CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Downloa ...)
+ TODO: check
+CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...)
+ TODO: check
+CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This ...)
+ TODO: check
+CVE-2024-32440 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
+ TODO: check
+CVE-2024-32439 (Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client ...)
+ TODO: check
+CVE-2024-32438 (Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com S ...)
+ TODO: check
+CVE-2024-32431 (Deserialization of Untrusted Data vulnerability in WP All Import Impor ...)
+ TODO: check
+CVE-2024-32430 (Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign.Thi ...)
+ TODO: check
+CVE-2024-32429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32147 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32145 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32140 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32139 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32137 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32136 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32134 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32133 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32132 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32128 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32127 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32125 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32098 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post ...)
+ TODO: check
+CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Tsvetkov ...)
+ TODO: check
+CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change de ...)
+ TODO: check
+CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social ...)
+ TODO: check
+CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
+ TODO: check
+CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does not have ...)
+ TODO: check
+CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin WordPress p ...)
+ TODO: check
+CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not have CSRF ...)
+ TODO: check
+CVE-2024-29844 (Default credentials on the Web Interface of Evolution Controller 2.x ( ...)
+ TODO: check
+CVE-2024-29843 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29842 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29841 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29840 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29839 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29838 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29837 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-29836 (The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 ...)
+ TODO: check
+CVE-2024-27462
+ REJECTED
+CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not validat ...)
+ TODO: check
+CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not validate an ...)
+ TODO: check
+CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have CSRF chec ...)
+ TODO: check
+CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not sanitise and e ...)
+ TODO: check
+CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise ...)
+ TODO: check
+CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not sanitise an ...)
+ TODO: check
+CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape ...)
+ TODO: check
+CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection vulnerabi ...)
+ TODO: check
+CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent users wit ...)
+ TODO: check
+CVE-2024-1307 (The Smart Forms WordPress plugin before 2.6.94 does not have proper a ...)
+ TODO: check
+CVE-2024-1306 (The Smart Forms WordPress plugin before 2.6.94 does not have CSRF che ...)
+ TODO: check
+CVE-2024-1204 (The Meta Box WordPress plugin before 5.9.4 does not prevent users wit ...)
+ TODO: check
+CVE-2024-0902 (The Fancy Product Designer WordPress plugin before 6.1.81 does not san ...)
+ TODO: check
+CVE-2024-0399 (The WooCommerce Customers Manager WordPress plugin before 29.7 does no ...)
+ TODO: check
+CVE-2023-7201 (The Everest Backup WordPress plugin before 2.2.5 does not properly va ...)
+ TODO: check
+CVE-2023-6067 (The WP User Profile Avatar WordPress plugin through 1.0.1 does not val ...)
+ TODO: check
+CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2024-3508
NOT-FOR-US: Bombastic's use of bzip2
CVE-2024-3651 [potential DoS via resource consumption via specially crafted inputs to idna.encode()]
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f33239cd964917b07b84fbd0a242390e8bf0d424
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f33239cd964917b07b84fbd0a242390e8bf0d424
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240415/d08f969b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list