[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 11 20:15:22 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cff0f6e8 by security tracker role at 2024-01-11T20:15:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,195 @@
+CVE-2024-23061 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-23060 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-23059 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-23058 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-23057 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-22942 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2024-22199 (This package provides universal methods to use multiple template engin ...)
+	TODO: check
+CVE-2024-22198 (Nginx-UI is a web interface to manage Nginx configurations. It is vuln ...)
+	TODO: check
+CVE-2024-22197 (Nginx-ui is online statistics for Server Indicators Monitor CPU usage, ...)
+	TODO: check
+CVE-2024-22196 (Nginx-UI is an online statistics for Server Indicators Monitor CPU usa ...)
+	TODO: check
+CVE-2024-0429 (A denial service vulnerability has been found on Hex Workshop affectin ...)
+	TODO: check
+CVE-2024-0425 (A vulnerability classified as critical was found in ForU CMS up to 202 ...)
+	TODO: check
+CVE-2024-0424 (A vulnerability classified as problematic has been found in CodeAstro  ...)
+	TODO: check
+CVE-2024-0423 (A vulnerability was found in CodeAstro Online Food Ordering System 1.0 ...)
+	TODO: check
+CVE-2024-0422 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
+	TODO: check
+CVE-2024-0419 (A vulnerability was found in Jasper httpdx up to 1.5.4 and classified  ...)
+	TODO: check
+CVE-2024-0418 (A vulnerability has been found in iSharer and upRedSun File Sharing Wi ...)
+	TODO: check
+CVE-2024-0417 (A vulnerability, which was classified as critical, was found in DeShan ...)
+	TODO: check
+CVE-2024-0416 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2024-0415 (A vulnerability classified as critical was found in DeShang DSMall up  ...)
+	TODO: check
+CVE-2024-0414 (A vulnerability classified as problematic has been found in DeShang DS ...)
+	TODO: check
+CVE-2024-0413 (A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been ra ...)
+	TODO: check
+CVE-2024-0412 (A vulnerability was found in DeShang DSShop up to 3.1.0. It has been d ...)
+	TODO: check
+CVE-2024-0411 (A vulnerability was found in DeShang DSMall up to 6.1.0. It has been c ...)
+	TODO: check
+CVE-2024-0227 (Devise-Two-Factor does not throttle or otherwise restrict login attemp ...)
+	TODO: check
+CVE-2023-7071 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
+	TODO: check
+CVE-2023-7070 (The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plu ...)
+	TODO: check
+CVE-2023-7048 (The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2023-7019 (The LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page B ...)
+	TODO: check
+CVE-2023-6994 (The List category posts plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2023-6990 (The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2023-6988 (The Colibri Page Builder plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-6979 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2023-6938 (The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2023-6934 (The Limit Login Attempts Reloaded plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2023-6924 (The Photo Gallery by 10Web plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2023-6882 (The Simple Membership plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2023-6878 (The Slick Social Share Buttons plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2023-6875 (The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications  ...)
+	TODO: check
+CVE-2023-6855 (The Paid Memberships Pro \u2013 Content Restriction, User Registration ...)
+	TODO: check
+CVE-2023-6828 (The Contact Form, Survey & Popup Form Plugin for WordPress \u2013  ARF ...)
+	TODO: check
+CVE-2023-6782 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is ...)
+	TODO: check
+CVE-2023-6781 (The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Store ...)
+	TODO: check
+CVE-2023-6776 (The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-6751 (The Hostinger plugin for WordPress is vulnerable to unauthorized plugi ...)
+	TODO: check
+CVE-2023-6742 (The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin fo ...)
+	TODO: check
+CVE-2023-6737 (The Enable Media Replace plugin for WordPress is vulnerable to Reflect ...)
+	TODO: check
+CVE-2023-6684 (The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vu ...)
+	TODO: check
+CVE-2023-6645 (The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress i ...)
+	TODO: check
+CVE-2023-6638 (The GTG Product Feed for Shopping plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2023-6637 (The CAOS | Host Google Analytics Locally plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2023-6636 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
+	TODO: check
+CVE-2023-6634 (The LearnPress plugin for WordPress is vulnerable to Command Injection ...)
+	TODO: check
+CVE-2023-6632 (The Happy Addons for Elementor plugin for WordPress is vulnerable to R ...)
+	TODO: check
+CVE-2023-6624 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-6598 (The SpeedyCache plugin for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2023-6583 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-6582 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-6567 (The LearnPress plugin for WordPress is vulnerable to time-based SQL In ...)
+	TODO: check
+CVE-2023-6561 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-6558 (The Export and Import Users and Customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-6556 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...)
+	TODO: check
+CVE-2023-6554 (When access to the "admin" folder is not protected by some external au ...)
+	TODO: check
+CVE-2023-6504 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+	TODO: check
+CVE-2023-6496 (The Manage Notification E-mails plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2023-6369 (The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2023-6316 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file up ...)
+	TODO: check
+CVE-2023-6266 (The Backup Migration plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-6244 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
+	TODO: check
+CVE-2023-6242 (The EventON - WordPress Virtual Event Calendar Plugin plugin for WordP ...)
+	TODO: check
+CVE-2023-6220 (The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file ...)
+	TODO: check
+CVE-2023-5691 (The Chatbot for WordPress plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2023-5504 (The BackWPup plugin for WordPress is vulnerable to Directory Traversal ...)
+	TODO: check
+CVE-2023-5118 (The application is vulnerable to Stored Cross-Site Scripting (XSS) in  ...)
+	TODO: check
+CVE-2023-52032 (TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a r ...)
+	TODO: check
+CVE-2023-52031 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-52030 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-52029 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-52028 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-52027 (TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-51989 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
+	TODO: check
+CVE-2023-51987 (D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, ...)
+	TODO: check
+CVE-2023-51984 (D-Link DIR-822+ V1.0.2 was found to contain a command injection in Set ...)
+	TODO: check
+CVE-2023-51751 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
+	TODO: check
+CVE-2023-51750 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
+	TODO: check
+CVE-2023-51749 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
+	TODO: check
+CVE-2023-51748 (ScaleFusion 10.5.2 does not properly limit users to the Edge applicati ...)
+	TODO: check
+CVE-2023-50671 (In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overf ...)
+	TODO: check
+CVE-2023-50159 (In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode applica ...)
+	TODO: check
+CVE-2023-4962 (The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-4960 (The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2023-4372 (The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-4248 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+	TODO: check
+CVE-2023-4247 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+	TODO: check
+CVE-2023-4246 (The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+	TODO: check
+CVE-2022-4958 (A vulnerability classified as problematic has been found in qkmc-rk re ...)
+	TODO: check
 CVE-2024-22195 (Jinja is an extensible templating engine. Special placeholders in the  ...)
 	- jinja2 <unfixed>
 	NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95
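Review bot: several of the added descriptions carry a literal "\u2013" instead of the decoded en dash (CVE-2023-7071, CVE-2023-7070, CVE-2023-7019, CVE-2023-6875 and others in this hunk), so the importer is writing JSON escape sequences into data/CVE/list without decoding them; decode before truncating the description so the text reads correctly. Every new entry lands as "TODO: check". The ones naming standalone upstream software rather than a WordPress plugin or router firmware, for example CVE-2023-50671 (exiftags) and CVE-2024-0227 (Devise-Two-Factor), are the ones to check against the archive first.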
@@ -6174,7 +6366,7 @@ CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and M
 	NOT-FOR-US: Android
 CVE-2023-6655 (A vulnerability, which was classified as critical, has been found in H ...)
 	NOT-FOR-US: Hongjing e-HR 2020
-CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Af ...)
+CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x ...)
 	NOT-FOR-US: PHPEMS
 CVE-2023-6653 (A vulnerability was found in PHPGurukul Teacher Subject Allocation Man ...)
 	NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System
@@ -80852,8 +81044,8 @@ CVE-2023-20575 (A potential power side-channel vulnerability in some AMD process
 	NOT-FOR-US: AMD
 CVE-2023-20574
 	RESERVED
-CVE-2023-20573
-	RESERVED
+CVE-2023-20573 (A privileged attacker can prevent delivery of debug exceptions to SEV- ...)
+	TODO: check
 CVE-2023-20572
 	RESERVED
 CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
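Review bot: CVE-2023-20573 moves from RESERVED to "TODO: check", and the neighbouring CVE-2023-20575 is tagged "NOT-FOR-US: AMD", but that tag should not be copied here by analogy. The new description concerns delivery of debug exceptions under SEV and is cut off at "SEV- ...", so read the full advisory and decide manually whether this entry needs a package line instead.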
@@ -125819,7 +126011,7 @@ CVE-2022-28343
 	RESERVED
 CVE-2022-28342
 	RESERVED
-CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open redirec ...)
+CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to arbitrary re ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: Ultimate Member plugin for WordPress



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cff0f6e851f17c5422a1930afcf3be659dd879f4
