Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf25cd45 by security tracker role at 2024-04-24T20:11:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,269 @@
+CVE-2024-4141 (Out-of-bounds array write in Xpdf 4.05 and earlier, triggered
by an in ...)
+ TODO: check
+CVE-2024-4127 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been
classi ...)
+ TODO: check
+CVE-2024-4126 (A vulnerability was found in Tenda W15E 15.11.0.14 and
classified as c ...)
+ TODO: check
+CVE-2024-4125 (A vulnerability has been found in Tenda W15E 15.11.0.14 and
classified ...)
+ TODO: check
+CVE-2024-4124 (A vulnerability, which was classified as critical, was found in
Tenda ...)
+ TODO: check
+CVE-2024-4123 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-4122 (A vulnerability classified as critical was found in Tenda W15E
15.11.0 ...)
+ TODO: check
+CVE-2024-4121 (A vulnerability classified as critical has been found in Tenda
W15E 15 ...)
+ TODO: check
+CVE-2024-4120 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been
rated ...)
+ TODO: check
+CVE-2024-4119 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been
declar ...)
+ TODO: check
+CVE-2024-4118 (A vulnerability was found in Tenda W15E 15.11.0.14. It has been
classi ...)
+ TODO: check
+CVE-2024-4117 (A vulnerability was found in Tenda W15E 15.11.0.14 and
classified as c ...)
+ TODO: check
+CVE-2024-4116 (A vulnerability has been found in Tenda W15E 15.11.0.14 and
classified ...)
+ TODO: check
+CVE-2024-4115 (A vulnerability, which was classified as critical, was found in
Tenda ...)
+ TODO: check
+CVE-2024-4114 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2024-4113 (A vulnerability classified as critical was found in Tenda TX9
22.03.02 ...)
+ TODO: check
+CVE-2024-4112 (A vulnerability classified as critical has been found in Tenda
TX9 22. ...)
+ TODO: check
+CVE-2024-4111 (A vulnerability was found in Tenda TX9 22.03.02.10. It has been
rated ...)
+ TODO: check
+CVE-2024-4093 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2024-4075 (A vulnerability classified as problematic has been found in
Kashipara ...)
+ TODO: check
+CVE-2024-4074 (A vulnerability was found in Kashipara Online Furniture
Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4073 (A vulnerability was found in Kashipara Online Furniture
Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4072 (A vulnerability was found in Kashipara Online Furniture
Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4071 (A vulnerability was found in Kashipara Online Furniture
Shopping Ecomm ...)
+ TODO: check
+CVE-2024-4070 (A vulnerability has been found in Kashipara Online Furniture
Shopping ...)
+ TODO: check
+CVE-2024-4069 (A vulnerability, which was classified as critical, was found in
Kaship ...)
+ TODO: check
+CVE-2024-4066 (A vulnerability classified as critical has been found in Tenda
AC8 16. ...)
+ TODO: check
+CVE-2024-3371 (MongoDB Compass may accept and use insufficiently validated
input from ...)
+ TODO: check
+CVE-2024-3261 (The Strong Testimonials WordPress plugin before 3.1.12 does not
valida ...)
+ TODO: check
+CVE-2024-33531 (cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all
JWT-parsi ...)
+ TODO: check
+CVE-2024-32958 (Cross-Site Request Forgery (CSRF) vulnerability in Giorgos
Sarigiannid ...)
+ TODO: check
+CVE-2024-32956 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32955 (Server-Side Request Forgery (SSRF) vulnerability in
Foliovision FV Flo ...)
+ TODO: check
+CVE-2024-32954 (Unrestricted Upload of File with Dangerous Type vulnerability
in Tribu ...)
+ TODO: check
+CVE-2024-32953 (Insertion of Sensitive Information into Log File vulnerability
in News ...)
+ TODO: check
+CVE-2024-32952 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32951 (Missing Authorization vulnerability in BloomPixel Max Addons
Pro for B ...)
+ TODO: check
+CVE-2024-32950 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32948 (Missing Authorization vulnerability in Repute Infosystems
ARMember.Thi ...)
+ TODO: check
+CVE-2024-32947 (Cross-Site Request Forgery (CSRF) vulnerability in
AlumniOnline Web Se ...)
+ TODO: check
+CVE-2024-32879 (Python Social Auth is a social authentication/registration
mechanism. ...)
+ TODO: check
+CVE-2024-32876 (NewPipe is an Android app for video streaming written in Java.
It supp ...)
+ TODO: check
+CVE-2024-32875 (Hugo is a static site generator. Starting in version 0.123.0
and prior ...)
+ TODO: check
+CVE-2024-32872 (Umbraco workflow provides workflows for the Umbraco content
management ...)
+ TODO: check
+CVE-2024-32869 (Hono is a Web application framework that provides support for
any Java ...)
+ TODO: check
+CVE-2024-32866 (Conform, a type-safe form validation library, allows the
parsing of ne ...)
+ TODO: check
+CVE-2024-32836 (Unrestricted Upload of File with Dangerous Type vulnerability
in WP La ...)
+ TODO: check
+CVE-2024-32835 (Deserialization of Untrusted Data vulnerability in WebToffee
Import Ex ...)
+ TODO: check
+CVE-2024-32834 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32833 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32825 (Insertion of Sensitive Information into Log File vulnerability
in Patr ...)
+ TODO: check
+CVE-2024-32823 (Authorization Bypass Through User-Controlled Key vulnerability
in Feed ...)
+ TODO: check
+CVE-2024-32819 (Server-Side Request Forgery (SSRF) vulnerability in Culqi.This
issue a ...)
+ TODO: check
+CVE-2024-32817 (Deserialization of Untrusted Data vulnerability in Import and
export u ...)
+ TODO: check
+CVE-2024-32816 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32815 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32812 (Server-Side Request Forgery (SSRF) vulnerability in Podlove
Podlove Po ...)
+ TODO: check
+CVE-2024-32808 (Authorization Bypass Through User-Controlled Key vulnerability
in Meta ...)
+ TODO: check
+CVE-2024-32806 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule
Headline ...)
+ TODO: check
+CVE-2024-32803 (Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk,
Webikon S ...)
+ TODO: check
+CVE-2024-32801 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32796 (Insertion of Sensitive Information into Log File vulnerability
in Very ...)
+ TODO: check
+CVE-2024-32795 (Cross-Site Request Forgery (CSRF) vulnerability in Revmakx
WPCal.Io \u ...)
+ TODO: check
+CVE-2024-32794 (Cross-Site Request Forgery (CSRF) vulnerability in Paid
Memberships Pr ...)
+ TODO: check
+CVE-2024-32793 (Cross-Site Request Forgery (CSRF) vulnerability in Paid
Memberships Pr ...)
+ TODO: check
+CVE-2024-32791 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32789 (Cross-Site Request Forgery (CSRF) vulnerability in Seers
allows Cross- ...)
+ TODO: check
+CVE-2024-32788 (Insertion of Sensitive Information into Log File vulnerability
in Fr\x ...)
+ TODO: check
+CVE-2024-32785 (Cross-Site Request Forgery (CSRF) vulnerability in Webangon
The Pack E ...)
+ TODO: check
+CVE-2024-32782 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32781 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32780 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32775 (Server-Side Request Forgery (SSRF) vulnerability in Pavex
Embed Google ...)
+ TODO: check
+CVE-2024-32773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Royal
Royal Elem ...)
+ TODO: check
+CVE-2024-32772 (Authorization Bypass Through User-Controlled Key vulnerability
in Meta ...)
+ TODO: check
+CVE-2024-32728 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs
Paid Mem ...)
+ TODO: check
+CVE-2024-32726 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32723 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32722 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32721 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32718 (Server-Side Request Forgery (SSRF) vulnerability in Webangon
The Pack ...)
+ TODO: check
+CVE-2024-32716 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2024-32711 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32710 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-32709 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-32707 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32706 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-32702 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2024-32699 (Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH
WooCommer ...)
+ TODO: check
+CVE-2024-32678 (Missing Authorization vulnerability in TrackShip TrackShip for
WooComm ...)
+ TODO: check
+CVE-2024-32677 (Missing Authorization vulnerability in LoginPress LoginPress
Pro.This ...)
+ TODO: check
+CVE-2024-32675 (Missing Authorization vulnerability in Xfinity Soft Order
Limit for Wo ...)
+ TODO: check
+CVE-2024-32662 (FreeRDP is a free implementation of the Remote Desktop
Protocol. FreeR ...)
+ TODO: check
+CVE-2024-32432 (Missing Authorization vulnerability in Ovic Team Ovic Addon
Toolkit.Th ...)
+ TODO: check
+CVE-2024-32078 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in F ...)
+ TODO: check
+CVE-2024-32051 (Insertion of sensitive information into log file issue exists
in RoamW ...)
+ TODO: check
+CVE-2024-31616 (An issue discovered in RG-RSR10-01G-T(W)-S and
RG-RSR10-01G-T(WA)-S ro ...)
+ TODO: check
+CVE-2024-31406 (Active debug code vulnerability exists in RoamWiFi R10 prior
to 4.8.45 ...)
+ TODO: check
+CVE-2024-30886 (A stored cross-site scripting (XSS) vulnerability in the
remotelink fu ...)
+ TODO: check
+CVE-2024-2972 (The Floating Chat Widget: Contact Chat Icons, WhatsApp,
Telegram Chat, ...)
+ TODO: check
+CVE-2024-2404 (The Better Comments WordPress plugin before 1.5.6 does not
sanitise an ...)
+ TODO: check
+CVE-2024-2402 (The Better Comments WordPress plugin before 1.5.6 does not
sanitise an ...)
+ TODO: check
+CVE-2024-28977 (Dell Repository Manager, versions 3.4.2 through 3.4.4,contains
a Path ...)
+ TODO: check
+CVE-2024-28976 (Dell Repository Manager, versions prior to 3.4.5, contains a
Path Trav ...)
+ TODO: check
+CVE-2024-28963 (Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a
sensitive ...)
+ TODO: check
+CVE-2024-28825 (Improper restriction of excessive authentication attempts on
some auth ...)
+ TODO: check
+CVE-2024-28613 (SQL Injection vulnerability in PHP Task Management System
v.1.0 allows ...)
+ TODO: check
+CVE-2024-27791 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2024-27537
+ REJECTED
+CVE-2024-27536
+ REJECTED
+CVE-2024-23271 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2024-23228 (This issue was addressed through improved state management.
This issue ...)
+ TODO: check
+CVE-2024-20359 (A vulnerability in a legacy capability that allowed for the
preloading ...)
+ TODO: check
+CVE-2024-20358 (A vulnerability in the Cisco Adaptive Security Appliance (ASA)
restore ...)
+ TODO: check
+CVE-2024-20356 (A vulnerability in the web-based management interface of Cisco
Integra ...)
+ TODO: check
+CVE-2024-20353 (A vulnerability in the management and VPN web servers for
Cisco Adapti ...)
+ TODO: check
+CVE-2024-20295 (A vulnerability in the CLI of the Cisco Integrated Management
Controll ...)
+ TODO: check
+CVE-2024-1756 (The WooCommerce Customers Manager WordPress plugin before 29.8
does no ...)
+ TODO: check
+CVE-2024-1743 (The WooCommerce Customers Manager WordPress plugin before 29.8
does no ...)
+ TODO: check
+CVE-2024-0151 (Insufficient argument checking in Secure state Entry functions
in soft ...)
+ TODO: check
+CVE-2023-7253 (The Import WP WordPress plugin before 2.13.1 does not prevent
users w ...)
+ TODO: check
+CVE-2023-51477 (Improper Authentication vulnerability in BUDDYBOSS DMCC
BuddyBoss Them ...)
+ TODO: check
+CVE-2023-51472 (Improper Authentication vulnerability in Mestres do WP
Checkout Mestre ...)
+ TODO: check
+CVE-2023-51471 (Improper Authentication vulnerability in Mestres do WP
Checkout Mestre ...)
+ TODO: check
+CVE-2023-51425 (Improper Privilege Management vulnerability in Jacques
Malgrange Renco ...)
+ TODO: check
+CVE-2023-51405 (Improper Authentication vulnerability in Repute Infosystems
BookingPre ...)
+ TODO: check
+CVE-2023-48939
+ REJECTED
+CVE-2023-48938
+ REJECTED
+CVE-2023-48763 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2023-47774 (Improper Restriction of Rendered UI Layers or Frames
vulnerability in ...)
+ TODO: check
+CVE-2023-47504 (Improper Authentication vulnerability in Elementor Elementor
Website B ...)
+ TODO: check
+CVE-2023-47357
+ REJECTED
+CVE-2023-32127 (Missing Authorization vulnerability in Daniel Powney Multi
Rating allo ...)
+ TODO: check
CVE-2024-25583
- pdns-recursor 4.9.5-1 (bug #1069762)
NOTE: https://www.openwall.com/lists/oss-security/2024/04/24/1
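Review bot: every new entry in this hunk is left at `TODO: check`, so all of the triage is deferred to a later commit; when it is picked up, the entries that name standalone upstream projects rather than hosted services or WordPress plugins, namely CVE-2024-4141 (Xpdf 4.05 and earlier), CVE-2024-32662 (FreeRDP), CVE-2024-32879 (Python Social Auth), CVE-2024-32875 (Hugo) and CVE-2024-33531 (lua-resty-jwt), are the ones most likely to end up as package lines like the `pdns-recursor 4.9.5-1 (bug #1069762)` entry in the trailing context instead of `NOT-FOR-US`, so they deserve to be checked first. The descriptions are truncated at roughly 70 characters (CVE-2024-4141 stops at `triggered by an in ...`), so affected-version ranges must be taken from the full advisory and not from this file.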
@@ -150,7 +416,7 @@ CVE-2023-48183 (QuickJS before c4cdd61 has a
build_for_in_iterator NULL pointer
- quickjs 2024.01.13-1
NOTE: https://github.com/bellard/quickjs/issues/192
NOTE:
https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077
-CVE-2024-4040 (VFS Sandbox Escape in CrushFTP in all versions before 10.7.1
and 11.1. ...)
+CVE-2024-4040 (A server side template injection vulnerability in CrushFTP in
all vers ...)
NOT-FOR-US: CrushFTP
CVE-2024-4026 (Cross-Site Scripting (XSS) vulnerability in the Holded
application. Th ...)
NOT-FOR-US: Holded
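Review bot: the CVE-2024-4040 description is rewritten from `VFS Sandbox Escape in CrushFTP` to `A server side template injection vulnerability in CrushFTP`, which changes the stated vulnerability class but not the product, so the unchanged `NOT-FOR-US: CrushFTP` line still holds and no re-triage is needed; the truncated `all vers ...` does not show whether the affected-version range was also widened, which is the only part of such a rewrite that would matter.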
@@ -4117,7 +4383,8 @@ CVE-2023-40148 (Server-side request forgery (SSRF) in
PingFederate allows unauth
NOT-FOR-US: Ping Identity
CVE-2024-3545 (Improper permission handling in the vault offline cache feature
in Dev ...)
NOT-FOR-US: Devolutions
-CVE-2024-3514 (The Responsive Tabs plugin for WordPress is vulnerable to
Stored Cross ...)
+CVE-2024-3514
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-3512 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for
WordPre ...)
NOT-FOR-US: WordPress plugin
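Review bot: CVE-2024-3514 is switched to `REJECTED` while the `NOT-FOR-US: WordPress plugin` line beneath it is kept, leaving the entry both rejected and triaged against a product; the newly added rejected entries earlier in this diff (CVE-2024-27537, CVE-2024-27536, CVE-2023-48939, CVE-2023-48938, CVE-2023-47357) carry only the `REJECTED` marker, so for uniformity either drop the stale `NOT-FOR-US` line here or confirm that the tracker tooling is expected to leave it in place.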
@@ -4216,7 +4483,8 @@ CVE-2024-30189 (A vulnerability has been identified in
SCALANCE W721-1 RJ45 (6GK
NOT-FOR-US: Siemens
CVE-2024-2974 (The Essential Addons for Elementor \u2013 Best Elementor
Templates, Wi ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-2957 (The Simple Ajax Chat \u2013 Add a Fast, Secure Chat Box plugin
for Wor ...)
+CVE-2024-2957
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2024-2946 (The ShopLentor \u2013 WooCommerce Builder for Elementor &
Gutenberg +1 ...)
NOT-FOR-US: WordPress plugin
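Review bot: same situation as CVE-2024-3514 in the previous hunk: CVE-2024-2957 becomes `REJECTED` but `NOT-FOR-US: WordPress plugin` is retained; whatever is decided for that entry should be applied here as well so that rejected entries in the file follow one layout.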
@@ -64699,8 +64967,8 @@ CVE-2023-31092 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Prad ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31090
- RESERVED
+CVE-2023-31090 (Unrestricted Upload of File with Dangerous Type vulnerability
in Unlim ...)
+ TODO: check
CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in
Tradebooster Video ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi
Floatin ...)
@@ -80911,8 +81179,8 @@ CVE-2023-25792 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25791
RESERVED
-CVE-2023-25790
- RESERVED
+CVE-2023-25790 (Improper Authentication, Improper Neutralization of Input
During Web P ...)
+ TODO: check
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tapf ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali
Saphali Woo ...)
@@ -80921,8 +81189,8 @@ CVE-2023-25787 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Thom ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25785
- RESERVED
+CVE-2023-25785 (Missing Authorization vulnerability in Shoaib Saleem WP Post
Rating al ...)
+ TODO: check
CVE-2023-25784 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bon ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
@@ -86527,16 +86795,16 @@ CVE-2023-23991 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-23990
RESERVED
-CVE-2023-23989
- RESERVED
+CVE-2023-23989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
CVE-2023-23988
RESERVED
CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPEv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23986
RESERVED
-CVE-2023-23985
- RESERVED
+CVE-2023-23985 (Missing Authorization vulnerability in Quiz Maker team Quiz
Maker.This ...)
+ TODO: check
CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company
Bubble ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart
Responsive ...)
@@ -86553,8 +86821,8 @@ CVE-2023-23978 (Exposure of Sensitive Information to an
Unauthorized Actor vulne
NOT-FOR-US: WordPress plugin
CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23976
- RESERVED
+CVE-2023-23976 (Incorrect Default Permissions vulnerability in Metagauss
RegistrationM ...)
+ TODO: check
CVE-2023-23975
RESERVED
CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks
Quick Eve ...)
@@ -100948,8 +101216,8 @@ CVE-2022-45854 (An improper check for unusual
conditions in Zyxel NWA110AX firmw
NOT-FOR-US: Zyxel
CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8
firmware ...)
NOT-FOR-US: Zyxel
-CVE-2022-45852
- RESERVED
+CVE-2022-45852 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
CVE-2022-45851 (Missing Authorization vulnerability in ShareThis ShareThis
Dashboard f ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45850 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys
Image Map Pr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf25cd4504aa968857c28dac70cdda2be32d0929
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits