[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 15 09:12:22 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46925bfd by security tracker role at 2024-05-15T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,114 @@
-CVE-2024-3044 [Graphic on-click binding allows unchecked script execution]
+CVE-2024-4894 (ITPison OMICARD EDM  fails to properly filter specific URL parameter,  ...)
+	TODO: check
+CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input parameters, a ...)
+	TODO: check
+CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text for SEO a ...)
+	TODO: check
+CVE-2024-4734 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Ele ...)
+	TODO: check
+CVE-2024-4656 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP ...)
+	TODO: check
+CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 ,   an SSRF vulnerab ...)
+	TODO: check
+CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 ,   a blind SSRF vul ...)
+	TODO: check
+CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data T ...)
+	TODO: check
+CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPr ...)
+	TODO: check
+CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress i ...)
+	TODO: check
+CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Feature ...)
+	TODO: check
+CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...)
+	TODO: check
+CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not hav ...)
+	TODO: check
+CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not san ...)
+	TODO: check
+CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 lacks  ...)
+	TODO: check
+CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 is mis ...)
+	TODO: check
+CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where an acto ...)
+	TODO: check
+CVE-2024-3634 (The month name translation benaceur WordPress plugin before 2.3.8 does ...)
+	TODO: check
+CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...)
+	TODO: check
+CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not sanitise an ...)
+	TODO: check
+CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF c ...)
+	TODO: check
+CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...)
+	TODO: check
+CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks ...)
+	TODO: check
+CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check  ...)
+	TODO: check
+CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check  ...)
+	TODO: check
+CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features pl ...)
+	TODO: check
+CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and p ...)
+	TODO: check
+CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provi ...)
+	TODO: check
+CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local attacker to ex ...)
+	TODO: check
+CVE-2024-31483 (An authenticated sensitive information disclosure vulnerability exists ...)
+	TODO: check
+CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+	TODO: check
+CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...)
+	TODO: check
+CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...)
+	TODO: check
+CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist in the C ...)
+	TODO: check
+CVE-2024-31478 (Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist ...)
+	TODO: check
+CVE-2024-31477 (Multiple authenticated command injection vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-31476 (Multiple authenticated command injection vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2024-31475 (There is an arbitrary file deletion vulnerability in the Central Commu ...)
+	TODO: check
+CVE-2024-31474 (There is an arbitrary file deletion vulnerability in the CLI service a ...)
+	TODO: check
+CVE-2024-31473 (There is a command injection vulnerability in the underlying deauthent ...)
+	TODO: check
+CVE-2024-31472 (There are command injection vulnerabilities in the underlying Soft AP  ...)
+	TODO: check
+CVE-2024-31471 (There is a command injection vulnerability in the underlying Central C ...)
+	TODO: check
+CVE-2024-31470 (There is a buffer overflow vulnerability in the underlying SAE (Simult ...)
+	TODO: check
+CVE-2024-31469 (There are buffer overflow vulnerabilities in the underlying Central Co ...)
+	TODO: check
+CVE-2024-31468 (There are buffer overflow vulnerabilities in the underlying Central Co ...)
+	TODO: check
+CVE-2024-31467 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+	TODO: check
+CVE-2024-31466 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+	TODO: check
+CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password Protect Your ...)
+	TODO: check
+CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of social tech ...)
+	TODO: check
+CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in affected Lib ...)
 	- libreoffice 4:24.2.3~rc1-2
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
 CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote executio ...)
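Review bot: the 55 entries added above CVE-2024-3044 all land as `TODO: check`, and a good share of them describe WordPress plugins (for example the Base64 Encoder/Decoder, HL Twitter and WP Prayer groups), so they can be triaged in batches by product rather than one id at a time. The descriptions for CVE-2024-4847, CVE-2024-4666, CVE-2024-4636, CVE-2024-4208, CVE-2024-3548, CVE-2024-3189 and CVE-2024-0437 also carry literal `\u2013` / `\u2014` escape sequences instead of the dash character; if anything downstream matches on product names from this field, it should normalise those escapes first. The CVE-2024-3044 line itself only swaps the bracketed temporary description for the published one and keeps its libreoffice annotation, which looks right.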
@@ -161655,8 +161765,8 @@ CVE-2022-28134 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier do
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2022-28132
-	RESERVED
+CVE-2022-28132 (The T-Soft E-Commerce 4 web application is susceptible to SQL injectio ...)
+	TODO: check
 CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...)
 	- golang-1.18 1.18.4-1
 	- golang-1.15 <removed>
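Review bot: CVE-2022-28132 moves from `RESERVED` to `TODO: check` in the middle of a run of `NOT-FOR-US: Jenkins plugin` entries, but the published description names a different product (T-Soft E-Commerce 4), so it should not inherit its neighbours' triage by position. It needs its own annotation line naming the product once someone has confirmed whether anything in the archive ships it.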
@@ -269262,8 +269372,8 @@ CVE-2020-26314
 	REJECTED
 CVE-2020-26313
 	REJECTED
-CVE-2020-26312
-	RESERVED
+CVE-2020-26312 (Dotmesh is a git-like command-line interface for capturing, organizing ...)
+	TODO: check
 CVE-2020-26311
 	RESERVED
 CVE-2020-26310
@@ -277016,7 +277126,8 @@ CVE-2020-23068
 	RESERVED
 CVE-2020-23067
 	RESERVED
-CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v ...)
+CVE-2020-23066
+	REJECTED
 	- tinymce <removed> (bug #972642)
 	[buster] - tinymce <no-dsa> (Minor issue)
 	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
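Review bot: CVE-2020-23066 is switched to `REJECTED`, yet the context lines below it still attach `- tinymce <removed> (bug #972642)`, `[buster] - tinymce <no-dsa> (Minor issue)` and the GHSA-27gm-ghr9-4v95 note to the entry. A rejected id should not keep package state, so these annotations want a manual follow-up: find out whether the TinyMCE issue is now tracked under another id and move the three lines there, or drop them, so that bug #972642 does not stay linked to a dead CVE.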



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46925bfd3199d2d19018c74a0645d2bd901a88f3
