Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f33239cd by security tracker role at 2024-04-15T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,189 @@
+CVE-2024-3778 (The file upload functionality of Ai3 QbiBot does not properly 
restrict ...)
+       TODO: check
+CVE-2024-3777 (The password reset feature of Ai3 QbiBot lacks proper access 
control,  ...)
+       TODO: check
+CVE-2024-3776 (The parameter used in the login page of Netvision airPASS is 
not prope ...)
+       TODO: check
+CVE-2024-3775 (aEnrich Technology a+HRD's functionality for downloading files 
using y ...)
+       TODO: check
+CVE-2024-3774 (aEnrich Technology a+HRD's functionality for front-end 
retrieval of sy ...)
+       TODO: check
+CVE-2024-3772 (Regular expression denial of service in Pydanic < 2.4.0, < 
1.10.13 all ...)
+       TODO: check
+CVE-2024-3771 (A vulnerability was found in PHPGurukul Student Record System 
3.20 and ...)
+       TODO: check
+CVE-2024-3770 (A vulnerability has been found in PHPGurukul Student Record 
System 3.2 ...)
+       TODO: check
+CVE-2024-3769 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2024-3768 (A vulnerability, which was classified as critical, has been 
found in P ...)
+       TODO: check
+CVE-2024-3767 (A vulnerability classified as critical was found in PHPGurukul 
News Po ...)
+       TODO: check
+CVE-2024-3766 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2024-3765 (A vulnerability classified as critical was found in Xiongmai 
AHB7804R- ...)
+       TODO: check
+CVE-2024-3764 (A vulnerability classified as problematic has been found in 
Tuya Camer ...)
+       TODO: check
+CVE-2024-3763 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
rated as pr ...)
+       TODO: check
+CVE-2024-3762 (A vulnerability was found in Emlog Pro 2.2.10. It has been 
declared as ...)
+       TODO: check
+CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) 
component does  ...)
+       TODO: check
+CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are 
vulnerable to ...)
+       TODO: check
+CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
+       TODO: check
+CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege 
Escalati ...)
+       TODO: check
+CVE-2024-32454 (Server-Side Request Forgery (SSRF) vulnerability in 
Wappointment Appoi ...)
+       TODO: check
+CVE-2024-32453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32452 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
EasyCart.This is ...)
+       TODO: check
+CVE-2024-32451 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal 
Pages.T ...)
+       TODO: check
+CVE-2024-32450 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople 
Team WpT ...)
+       TODO: check
+CVE-2024-32449 (Cross-Site Request Forgery (CSRF) vulnerability in MagniGenie 
RestroPr ...)
+       TODO: check
+CVE-2024-32448 (Cross-Site Request Forgery (CSRF) vulnerability in 
VideoYield.Com Ads. ...)
+       TODO: check
+CVE-2024-32447 (Cross-Site Request Forgery (CSRF) vulnerability in AWP 
Classifieds Tea ...)
+       TODO: check
+CVE-2024-32446 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings 
Wallet Sy ...)
+       TODO: check
+CVE-2024-32445 (Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder 
Team We ...)
+       TODO: check
+CVE-2024-32443 (Cross-Site Request Forgery (CSRF) vulnerability in IP2Location 
Downloa ...)
+       TODO: check
+CVE-2024-32442 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho 
Campaigns.This ...)
+       TODO: check
+CVE-2024-32441 (Cross-Site Request Forgery (CSRF) vulnerability in Zoho 
Campaigns.This ...)
+       TODO: check
+CVE-2024-32440 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas 
Belser Asgar ...)
+       TODO: check
+CVE-2024-32439 (Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP 
Client  ...)
+       TODO: check
+CVE-2024-32438 (Cross-Site Request Forgery (CSRF) vulnerability in 
cleverplugins.Com S ...)
+       TODO: check
+CVE-2024-32431 (Deserialization of Untrusted Data vulnerability in WP All 
Import Impor ...)
+       TODO: check
+CVE-2024-32430 (Server-Side Request Forgery (SSRF) vulnerability in 
ActiveCampaign.Thi ...)
+       TODO: check
+CVE-2024-32429 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32428 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32149 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32147 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32145 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32140 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32139 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32138 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32137 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32136 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32135 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32134 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32133 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-32132 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32128 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32127 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32125 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32098 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32087 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2024-32082 (Cross-Site Request Forgery (CSRF) vulnerability in kp4coder 
Sync Post  ...)
+       TODO: check
+CVE-2024-32079 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2024-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. 
Tsvetkov ...)
+       TODO: check
+CVE-2024-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal 
Change de ...)
+       TODO: check
+CVE-2024-30545 (Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers 
Social  ...)
+       TODO: check
+CVE-2024-2858 (The Simple Buttons Creator WordPress plugin through 1.04 does 
not have ...)
+       TODO: check
+CVE-2024-2857 (The Simple Buttons Creator WordPress plugin through 1.04 does 
not have ...)
+       TODO: check
+CVE-2024-2836 (The Social Share, Social Login and Social Comments Plugin  
WordPress p ...)
+       TODO: check
+CVE-2024-2739 (The Advanced Search WordPress plugin through 1.1.6 does not 
have CSRF  ...)
+       TODO: check
+CVE-2024-29844 (Default credentials on the Web Interface of Evolution 
Controller 2.x ( ...)
+       TODO: check
+CVE-2024-29843 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29842 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29841 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29840 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29839 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29838 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29837 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-29836 (The Web interface of Evolution Controller Versions 
2.04.560.31.03.2024 ...)
+       TODO: check
+CVE-2024-27462
+       REJECTED
+CVE-2024-1849 (The WP Customer Reviews WordPress plugin before 3.7.1 does not 
validat ...)
+       TODO: check
+CVE-2024-1846 (The Responsive Tabs WordPress plugin before 4.0.7 does not 
validate an ...)
+       TODO: check
+CVE-2024-1755 (The NPS computy WordPress plugin through 2.7.5 does not have 
CSRF chec ...)
+       TODO: check
+CVE-2024-1754 (The NPS computy WordPress plugin through 2.7.5 does not 
sanitise and e ...)
+       TODO: check
+CVE-2024-1746 (The Testimonial Slider WordPress plugin before 2.3.8 does not 
sanitise ...)
+       TODO: check
+CVE-2024-1712 (The Carousel Slider WordPress plugin before 2.2.7 does not 
sanitise an ...)
+       TODO: check
+CVE-2024-1660 (The Top Bar WordPress plugin before 3.0.5 does not sanitise and 
escape ...)
+       TODO: check
+CVE-2024-1655 (Certain ASUS WiFi routers models has an OS Command Injection 
vulnerabi ...)
+       TODO: check
+CVE-2024-1310 (The WooCommerce WordPress plugin before 8.6 does not prevent 
users wit ...)
+       TODO: check
+CVE-2024-1307 (The Smart Forms  WordPress plugin before 2.6.94 does not have 
proper a ...)
+       TODO: check
+CVE-2024-1306 (The Smart Forms  WordPress plugin before 2.6.94 does not have 
CSRF che ...)
+       TODO: check
+CVE-2024-1204 (The Meta Box  WordPress plugin before 5.9.4 does not prevent 
users wit ...)
+       TODO: check
+CVE-2024-0902 (The Fancy Product Designer WordPress plugin before 6.1.81 does 
not san ...)
+       TODO: check
+CVE-2024-0399 (The WooCommerce Customers Manager WordPress plugin before 29.7 
does no ...)
+       TODO: check
+CVE-2023-7201 (The Everest Backup  WordPress plugin before 2.2.5 does not 
properly va ...)
+       TODO: check
+CVE-2023-6067 (The WP User Profile Avatar WordPress plugin through 1.0.1 does 
not val ...)
+       TODO: check
+CVE-2023-52144 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
 CVE-2024-3508
        NOT-FOR-US: Bombastic's use of bzip2
 CVE-2024-3651 [potential DoS via resource consumption via specially crafted 
inputs to idna.encode()]
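
Review bot: the CVE-2024-3772 entry carries the description "Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13", with the product name misspelled, so a search of data/CVE/list for "pydantic" will not find it while it is still marked TODO: check. When this entry is triaged, identify the affected package from the version numbers and the CVE record rather than from the description text alone. Most of the other added entries describe WordPress plugins or vendor appliances, but a few name libraries or tools (for example CVE-2024-32489 for TCPDF and CVE-2024-3505 for JFrog Artifactory), and those deserve an individual look rather than being cleared together with the rest. CVE-2024-27462 is added with REJECTED and no description, which is consistent with the other lines and needs no follow-up.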



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f33239cd964917b07b84fbd0a242390e8bf0d424
