[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 4 09:12:27 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3969b9d by security tracker role at 2024-06-04T08:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-5485 (The SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & Automa ...)
+ TODO: check
+CVE-2024-5422 (An uncontrolled resource consumption of file descriptors in SEH Comput ...)
+ TODO: check
+CVE-2024-5421 (Missing input validation and OS command integration of the input in th ...)
+ TODO: check
+CVE-2024-5420 (Missing input validation in theSEH Computertechnik utnserver Pro, SEH ...)
+ TODO: check
+CVE-2024-4997 (The WPUpper Share Buttons plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2024-4870 (The Frontend Registration \u2013 Contact Form 7 plugin for WordPress i ...)
+ TODO: check
+CVE-2024-4857 (The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitis ...)
+ TODO: check
+CVE-2024-4856 (The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitis ...)
+ TODO: check
+CVE-2024-4750 (The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR ...)
+ TODO: check
+CVE-2024-4749 (The wp-eMember WordPress plugin before 10.3.9 does not sanitize and es ...)
+ TODO: check
+CVE-2024-4697 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-4552 (The Social Login Lite For WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-4462 (The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2024-4274 (The Essential Real Estate plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2024-4273 (The Essential Real Estate plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-4253 (A command injection vulnerability exists in the gradio-app/gradio repo ...)
+ TODO: check
+CVE-2024-4180 (The Events Calendar WordPress plugin before 6.4.0.1 does not properly ...)
+ TODO: check
+CVE-2024-4057 (The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3. ...)
+ TODO: check
+CVE-2024-3888 (The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2024-3555 (The Social Link Pages: link-in-bio landing pages for your social media ...)
+ TODO: check
+CVE-2024-3230 (The Download Attachments plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2024-3031 (The Fluid Notification Bar plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2024-36782 (TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded ...)
+ TODO: check
+CVE-2024-2470 (The Simple Ajax Chat WordPress plugin before 20240412 does not saniti ...)
+ TODO: check
+CVE-2024-2382 (The Authorize.net Payment Gateway For WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2024-2019 (The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2024-29976 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vuln ...)
+ TODO: check
+CVE-2024-29975 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vuln ...)
+ TODO: check
+CVE-2024-29974 (** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerabilit ...)
+ TODO: check
+CVE-2024-29973 (** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in ...)
+ TODO: check
+CVE-2024-29972 (** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in ...)
+ TODO: check
+CVE-2024-20887 (Arbitrary directory creation in GalaxyBudsManager PC prior to version ...)
+ TODO: check
+CVE-2024-20886 (Arbitrary directory creation in Samsung Live Wallpaper PC prior to ver ...)
+ TODO: check
+CVE-2024-20885 (Improper component protection vulnerability in Samsung Dialer prior to ...)
+ TODO: check
+CVE-2024-20884 (Incorrect use of privileged API vulnerability in getSemBatteryUsageSta ...)
+ TODO: check
+CVE-2024-20883 (Incorrect use of privileged API vulnerability in registerBatteryStatsC ...)
+ TODO: check
+CVE-2024-20882 (Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 ...)
+ TODO: check
+CVE-2024-20881 (Improper input validation vulnerability in chnactiv TA prior to SMR Ju ...)
+ TODO: check
+CVE-2024-20880 (Stack-based buffer overflow vulnerability in bootloader prior to SMR J ...)
+ TODO: check
+CVE-2024-20879 (Improper input validation vulnerability in libsavscmn.so prior to SMR ...)
+ TODO: check
+CVE-2024-20878 (Heap out-of-bound write vulnerability in parsing grid image in libsavs ...)
+ TODO: check
+CVE-2024-20877 (Heap out-of-bound write vulnerability in parsing grid image header in ...)
+ TODO: check
+CVE-2024-20876 (Improper input validation in libsheifdecadapter.so prior to SMR Jun-20 ...)
+ TODO: check
+CVE-2024-20875 (Improper caller verification vulnerability in SemClipboard prior to SM ...)
+ TODO: check
+CVE-2024-20874 (Improper access control vulnerability in SmartManagerCN prior to SMR J ...)
+ TODO: check
+CVE-2024-20873 (Improper input validation vulnerability in caminfo driver prior to SMR ...)
+ TODO: check
+CVE-2024-1718 (The Claudio Sanches \u2013 Checkout Cielo for WooCommerce plugin for W ...)
+ TODO: check
+CVE-2024-1717 (The Admin Notices Manager plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2024-0757 (The Insert or Embed Articulate Content into WordPress plugin through 4 ...)
+ TODO: check
+CVE-2023-44235 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2023-41134 (Authentication Bypass by Spoofing vulnerability in pluginkollektiv Ant ...)
+ TODO: check
+CVE-2023-40673 (: Improper Control of Interaction Frequency vulnerability in cartpauj ...)
+ TODO: check
+CVE-2023-40557 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2023-40332 (Improper Control of Interaction Frequency vulnerability in Lester \u20 ...)
+ TODO: check
+CVE-2023-39161 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2023-38520 (External Control of Assumed-Immutable Web Parameter vulnerability in P ...)
+ TODO: check
+CVE-2023-37865 (Authentication Bypass by Spoofing vulnerability in IP2Location Downloa ...)
+ TODO: check
+CVE-2023-34001 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2023-33930 (Unrestricted Upload of File with Dangerous Type vulnerability in Unlim ...)
+ TODO: check
CVE-2024-5404 (An unauthenticated remote attackercan change the admin password in amo ...)
NOT-FOR-US: ifm electronic GmbH
CVE-2024-5388
@@ -142,7 +260,7 @@ CVE-2023-43538 (Memory corruption in TZ Secure OS while Tunnel Invoke Manager in
TODO: check
CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in WLAN Host.)
TODO: check
-CVE-2024-36104
+CVE-2024-36104 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: Apache OFBiz
CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...)
NOT-FOR-US: Netentsec
@@ -18109,7 +18227,8 @@ CVE-2024-3804 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: Vesystem Cloud Desktop
CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem Cloud Des ...)
NOT-FOR-US: Vesystem Cloud Desktop
-CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from unauth ...)
+CVE-2024-3802
+ REJECTED
NOT-FOR-US: Celeste
CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark System 1. ...)
NOT-FOR-US: SourceCodester QR Code Bookmark System
@@ -88738,12 +88857,12 @@ CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shor ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28494
- RESERVED
+CVE-2023-28494 (Missing Authorization vulnerability in CodePeople Contact Form Email a ...)
+ TODO: check
CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: Wordpress theme
-CVE-2023-28492
- RESERVED
+CVE-2023-28492 (Missing Authorization vulnerability in CodePeople CP Multi View Event ...)
+ TODO: check
CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
@@ -92346,8 +92465,8 @@ CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
NOT-FOR-US: RUGGEDCOM CROSSBOW
CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27460
- RESERVED
+CVE-2023-27460 (Missing Authorization vulnerability in CodePeople, paypaldev CP Contac ...)
+ TODO: check
CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest User Regi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
@@ -92392,8 +92511,8 @@ CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27437
- RESERVED
+CVE-2023-27437 (Missing Authorization vulnerability in Event Espresso Event Espresso 4 ...)
+ TODO: check
CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Eleg ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...)
@@ -94679,12 +94798,12 @@ CVE-2023-26525 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26523
- RESERVED
+CVE-2023-26523 (Missing Authorization vulnerability in CodePeople Calculated Fields Fo ...)
+ TODO: check
CVE-2023-26522
RESERVED
-CVE-2023-26521
- RESERVED
+CVE-2023-26521 (Missing Authorization vulnerability in CodePeople Search in Place allo ...)
+ TODO: check
CVE-2023-26520
RESERVED
CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
@@ -101523,8 +101642,8 @@ CVE-2023-24375
RESERVED
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24373
- RESERVED
+CVE-2023-24373 (External Control of Assumed-Immutable Web Parameter vulnerability in W ...)
+ TODO: check
CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
@@ -103290,14 +103409,14 @@ CVE-2023-23740
RESERVED
CVE-2023-23739
RESERVED
-CVE-2023-23738
- RESERVED
+CVE-2023-23738 (Improper Neutralization of Special Elements in Output Used by a Downst ...)
+ TODO: check
CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23736
RESERVED
-CVE-2023-23735
- RESERVED
+CVE-2023-23735 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
@@ -103306,8 +103425,8 @@ CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23730
- RESERVED
+CVE-2023-23730 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
CVE-2023-23729
RESERVED
CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3969b9d65945f82db3a83da865fa5e48bcbb896
--
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3969b9d65945f82db3a83da865fa5e48bcbb896
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240604/ffc4df79/attachment.htm>
More information about the debian-security-tracker-commits
mailing list