[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 24 21:12:17 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,269 @@
+CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an in ...)
+ TODO: check
+CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...)
+ TODO: check
+CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...)
+ TODO: check
+CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...)
+ TODO: check
+CVE-2024-4124 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2024-4123 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E 15.11.0 ...)
+ TODO: check
+CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda W15E 15 ...)
+ TODO: check
+CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated ...)
+ TODO: check
+CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been declar ...)
+ TODO: check
+CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been classi ...)
+ TODO: check
+CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and classified as c ...)
+ TODO: check
+CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and classified ...)
+ TODO: check
+CVE-2024-4115 (A vulnerability, which was classified as critical, was found in Tenda ...)
+ TODO: check
+CVE-2024-4114 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9 22.03.02 ...)
+ TODO: check
+CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda TX9 22. ...)
+ TODO: check
+CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated ...)
+ TODO: check
+CVE-2024-4093 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2024-4075 (A vulnerability classified as problematic has been found in Kashipara ...)
+ TODO: check
+CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture Shopping ...)
+ TODO: check
+CVE-2024-4069 (A vulnerability, which was classified as critical, was found in Kaship ...)
+ TODO: check
+CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda AC8 16. ...)
+ TODO: check
+CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated input from ...)
+ TODO: check
+CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not valida ...)
+ TODO: check
+CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsi ...)
+ TODO: check
+CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos Sarigiannid ...)
+ TODO: check
+CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flo ...)
+ TODO: check
+CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability in Tribu ...)
+ TODO: check
+CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability in News ...)
+ TODO: check
+CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons Pro for B ...)
+ TODO: check
+CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems ARMember.Thi ...)
+ TODO: check
+CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Se ...)
+ TODO: check
+CVE-2024-32879 (Python Social Auth is a social authentication/registration mechanism. ...)
+ TODO: check
+CVE-2024-32876 (NewPipe is an Android app for video streaming written in Java. It supp ...)
+ TODO: check
+CVE-2024-32875 (Hugo is a static site generator. Starting in version 0.123.0 and prior ...)
+ TODO: check
+CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content management ...)
+ TODO: check
+CVE-2024-32869 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2024-32866 (Conform, a type-safe form validation library, allows the parsing of ne ...)
+ TODO: check
+CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability in WP La ...)
+ TODO: check
+CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee Import Ex ...)
+ TODO: check
+CVE-2024-32834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32825 (Insertion of Sensitive Information into Log File vulnerability in Patr ...)
+ TODO: check
+CVE-2024-32823 (Authorization Bypass Through User-Controlled Key vulnerability in Feed ...)
+ TODO: check
+CVE-2024-32819 (Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue a ...)
+ TODO: check
+CVE-2024-32817 (Deserialization of Untrusted Data vulnerability in Import and export u ...)
+ TODO: check
+CVE-2024-32816 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32812 (Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Po ...)
+ TODO: check
+CVE-2024-32808 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...)
+ TODO: check
+CVE-2024-32806 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline ...)
+ TODO: check
+CVE-2024-32803 (Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon S ...)
+ TODO: check
+CVE-2024-32801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32796 (Insertion of Sensitive Information into Log File vulnerability in Very ...)
+ TODO: check
+CVE-2024-32795 (Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io \u ...)
+ TODO: check
+CVE-2024-32794 (Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pr ...)
+ TODO: check
+CVE-2024-32793 (Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pr ...)
+ TODO: check
+CVE-2024-32791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32789 (Cross-Site Request Forgery (CSRF) vulnerability in Seers allows Cross- ...)
+ TODO: check
+CVE-2024-32788 (Insertion of Sensitive Information into Log File vulnerability in Fr\x ...)
+ TODO: check
+CVE-2024-32785 (Cross-Site Request Forgery (CSRF) vulnerability in Webangon The Pack E ...)
+ TODO: check
+CVE-2024-32782 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32781 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32780 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32775 (Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google ...)
+ TODO: check
+CVE-2024-32773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elem ...)
+ TODO: check
+CVE-2024-32772 (Authorization Bypass Through User-Controlled Key vulnerability in Meta ...)
+ TODO: check
+CVE-2024-32728 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Mem ...)
+ TODO: check
+CVE-2024-32726 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32723 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32722 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32721 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32718 (Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack ...)
+ TODO: check
+CVE-2024-32716 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2024-32711 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32710 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32709 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32706 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-32702 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-32699 (Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommer ...)
+ TODO: check
+CVE-2024-32678 (Missing Authorization vulnerability in TrackShip TrackShip for WooComm ...)
+ TODO: check
+CVE-2024-32677 (Missing Authorization vulnerability in LoginPress LoginPress Pro.This ...)
+ TODO: check
+CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order Limit for Wo ...)
+ TODO: check
+CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...)
+ TODO: check
+CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon Toolkit.Th ...)
+ TODO: check
+CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
+ TODO: check
+CVE-2024-32051 (Insertion of sensitive information into log file issue exists in RoamW ...)
+ TODO: check
+CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S ro ...)
+ TODO: check
+CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45 ...)
+ TODO: check
+CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the remotelink fu ...)
+ TODO: check
+CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, ...)
+ TODO: check
+CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
+ TODO: check
+CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not sanitise an ...)
+ TODO: check
+CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains a Path ...)
+ TODO: check
+CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a Path Trav ...)
+ TODO: check
+CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive ...)
+ TODO: check
+CVE-2024-28825 (Improper restriction of excessive authentication attempts on some auth ...)
+ TODO: check
+CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System v.1.0 allows ...)
+ TODO: check
+CVE-2024-27791 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2024-27537
+ REJECTED
+CVE-2024-27536
+ REJECTED
+CVE-2024-23271 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2024-23228 (This issue was addressed through improved state management. This issue ...)
+ TODO: check
+CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the preloading ...)
+ TODO: check
+CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore ...)
+ TODO: check
+CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
+CVE-2024-20353 (A vulnerability in the management and VPN web servers for Cisco Adapti ...)
+ TODO: check
+CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management Controll ...)
+ TODO: check
+CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
+ TODO: check
+CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin before 29.8 does no ...)
+ TODO: check
+CVE-2024-0151 (Insufficient argument checking in Secure state Entry functions in soft ...)
+ TODO: check
+CVE-2023-7253 (The Import WP WordPress plugin before 2.13.1 does not prevent users w ...)
+ TODO: check
+CVE-2023-51477 (Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Them ...)
+ TODO: check
+CVE-2023-51472 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
+ TODO: check
+CVE-2023-51471 (Improper Authentication vulnerability in Mestres do WP Checkout Mestre ...)
+ TODO: check
+CVE-2023-51425 (Improper Privilege Management vulnerability in Jacques Malgrange Renco ...)
+ TODO: check
+CVE-2023-51405 (Improper Authentication vulnerability in Repute Infosystems BookingPre ...)
+ TODO: check
+CVE-2023-48939
+ REJECTED
+CVE-2023-48938
+ REJECTED
+CVE-2023-48763 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2023-47774 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...)
+ TODO: check
+CVE-2023-47504 (Improper Authentication vulnerability in Elementor Elementor Website B ...)
+ TODO: check
+CVE-2023-47357
+ REJECTED
+CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi Rating allo ...)
+ TODO: check
CVE-2024-25583
- pdns-recursor 4.9.5-1 (bug #1069762)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1
@@ -150,7 +416,7 @@ CVE-2023-48183 (QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer
- quickjs 2024.01.13-1
NOTE: https://github.com/bellard/quickjs/issues/192
NOTE: https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077
-CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1. ...)
+CVE-2024-4040 (A server side template injection vulnerability in CrushFTP in all vers ...)
NOT-FOR-US: CrushFTP
CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded application. Th ...)
NOT-FOR-US: Holded
@@ -4117,7 +4383,8 @@ CVE-2023-40148 (Server-side request forgery (SSRF) in PingFederate allows unauth
NOT-FOR-US: Ping Identity
CVE-2024-3545 (Improper permission handling in the vault offline cache feature in Dev ...)
NOT-FOR-US: Devolutions
-CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross ...)
+CVE-2024-3514
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
@@ -4216,7 +4483,8 @@ CVE-2024-30189 (A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK
NOT-FOR-US: Siemens
CVE-2024-2974 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-2957 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin for Wor ...)
+CVE-2024-2957
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-2946 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +1 ...)
NOT-FOR-US: WordPress plugin
@@ -64699,8 +64967,8 @@ CVE-2023-31092 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31090
- RESERVED
+CVE-2023-31090 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...)
+ TODO: check
CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...)
@@ -80911,8 +81179,8 @@ CVE-2023-25792 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25791
RESERVED
-CVE-2023-25790
- RESERVED
+CVE-2023-25790 (Improper Authentication, Improper Neutralization of Input During Web P ...)
+ TODO: check
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...)
@@ -80921,8 +81189,8 @@ CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25785
- RESERVED
+CVE-2023-25785 (Missing Authorization vulnerability in Shoaib Saleem WP Post Rating al ...)
+ TODO: check
CVE-2023-25784 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
@@ -86527,16 +86795,16 @@ CVE-2023-23991 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-23990
RESERVED
-CVE-2023-23989
- RESERVED
+CVE-2023-23989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-23988
RESERVED
CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23986
RESERVED
-CVE-2023-23985
- RESERVED
+CVE-2023-23985 (Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This ...)
+ TODO: check
CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...)
@@ -86553,8 +86821,8 @@ CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor vulne
NOT-FOR-US: WordPress plugin
CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23976
- RESERVED
+CVE-2023-23976 (Incorrect Default Permissions vulnerability in Metagauss RegistrationM ...)
+ TODO: check
CVE-2023-23975
RESERVED
CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Eve ...)
@@ -100948,8 +101216,8 @@ CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmw
NOT-FOR-US: Zyxel
CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 firmware ...)
NOT-FOR-US: Zyxel
-CVE-2022-45852
- RESERVED
+CVE-2022-45852 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis Dashboard f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf25cd4504aa968857c28dac70cdda2be32d0929
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf25cd4504aa968857c28dac70cdda2be32d0929
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240424/df0ccbf2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list