Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
46925bfd by security tracker role at 2024-05-15T08:12:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,114 @@
-CVE-2024-3044 [Graphic on-click binding allows unchecked script execution]
+CVE-2024-4894 (ITPison OMICARD EDM  fails to properly filter specific URL 
parameter,  ...)
+       TODO: check
+CVE-2024-4893 (DigiWin EasyFlow .NET lacks validation for certain input 
parameters, a ...)
+       TODO: check
+CVE-2024-4847 (The Alt Text AI \u2013 Automatically generate image alt text 
for SEO a ...)
+       TODO: check
+CVE-2024-4734 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-4666 (The Borderless \u2013 Widgets, Elements, Templates and Toolkit 
for Ele ...)
+       TODO: check
+CVE-2024-4656 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2024-4636 (The Image Optimization by Optimole \u2013 Lazy Load, CDN, 
Convert WebP ...)
+       TODO: check
+CVE-2024-4618 (The Exclusive Addons for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-4562 (In WhatsUp Gold versions released before 2023.1.2 ,   an SSRF 
vulnerab ...)
+       TODO: check
+CVE-2024-4561 (In WhatsUp Gold versions released before 2023.1.2 ,   a blind 
SSRF vul ...)
+       TODO: check
+CVE-2024-4373 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal, 
Data T ...)
+       TODO: check
+CVE-2024-4370 (The WPZOOM Addons for Elementor (Templates, Widgets) plugin for 
WordPr ...)
+       TODO: check
+CVE-2024-4363 (The Visual Portfolio, Photo Gallery & Post Grid plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-4208 (The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder 
Feature ...)
+       TODO: check
+CVE-2024-4199 (The Bulk Posts Editing For WordPress plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-3824 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not hav ...)
+       TODO: check
+CVE-2024-3823 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not hav ...)
+       TODO: check
+CVE-2024-3822 (The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does 
not san ...)
+       TODO: check
+CVE-2024-3749 (The SP Project & Document Manager WordPress plugin through 4.71 
lacks  ...)
+       TODO: check
+CVE-2024-3748 (The SP Project & Document Manager WordPress plugin through 4.71 
is mis ...)
+       TODO: check
+CVE-2024-3744 (A security issue was discovered in azure-file-csi-driver where 
an acto ...)
+       TODO: check
+CVE-2024-3634 (The month name translation benaceur WordPress plugin before 
2.3.8 does ...)
+       TODO: check
+CVE-2024-3631 (The HL Twitter WordPress plugin through 2014.1.18 does not have 
CSRF c ...)
+       TODO: check
+CVE-2024-3630 (The HL Twitter WordPress plugin through 2014.1.18 does not 
sanitise an ...)
+       TODO: check
+CVE-2024-3629 (The HL Twitter WordPress plugin through 2014.1.18 does not have 
CSRF c ...)
+       TODO: check
+CVE-2024-3548 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress 
plugin b ...)
+       TODO: check
+CVE-2024-3407 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
checks ...)
+       TODO: check
+CVE-2024-3406 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2024-3405 (The WP Prayer WordPress plugin through 2.0.9 does not have CSRF 
check  ...)
+       TODO: check
+CVE-2024-3189 (The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder 
Features pl ...)
+       TODO: check
+CVE-2024-35175 (sshpiper is a reverse proxy for sshd. Starting in version 
1.0.50 and p ...)
+       TODO: check
+CVE-2024-35109 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-35108 (idccms v1.35 was discovered to contain a Cross-Site Request 
Forgery (C ...)
+       TODO: check
+CVE-2024-32888 (The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver 
that provi ...)
+       TODO: check
+CVE-2024-31556 (An issue in Reportico Web before v.8.1.0 allows a local 
attacker to ex ...)
+       TODO: check
+CVE-2024-31483 (An authenticated sensitive information disclosure 
vulnerability exists ...)
+       TODO: check
+CVE-2024-31482 (An unauthenticated Denial-of-Service (DoS) vulnerability 
exists in the ...)
+       TODO: check
+CVE-2024-31481 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+       TODO: check
+CVE-2024-31480 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+       TODO: check
+CVE-2024-31479 (Unauthenticated Denial of Service (DoS) vulnerabilities exist 
in the C ...)
+       TODO: check
+CVE-2024-31478 (Multiple unauthenticated Denial-of-Service (DoS) 
vulnerabilities exist ...)
+       TODO: check
+CVE-2024-31477 (Multiple authenticated command injection vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-31476 (Multiple authenticated command injection vulnerabilities exist 
in the  ...)
+       TODO: check
+CVE-2024-31475 (There is an arbitrary file deletion vulnerability in the 
Central Commu ...)
+       TODO: check
+CVE-2024-31474 (There is an arbitrary file deletion vulnerability in the CLI 
service a ...)
+       TODO: check
+CVE-2024-31473 (There is a command injection vulnerability in the underlying 
deauthent ...)
+       TODO: check
+CVE-2024-31472 (There are command injection vulnerabilities in the underlying 
Soft AP  ...)
+       TODO: check
+CVE-2024-31471 (There is a command injection vulnerability in the underlying 
Central C ...)
+       TODO: check
+CVE-2024-31470 (There is a buffer overflow vulnerability in the underlying SAE 
(Simult ...)
+       TODO: check
+CVE-2024-31469 (There are buffer overflow vulnerabilities in the underlying 
Central Co ...)
+       TODO: check
+CVE-2024-31468 (There are buffer overflow vulnerabilities in the underlying 
Central Co ...)
+       TODO: check
+CVE-2024-31467 (There are buffer overflow vulnerabilities in the underlying 
CLI servic ...)
+       TODO: check
+CVE-2024-31466 (There are buffer overflow vulnerabilities in the underlying 
CLI servic ...)
+       TODO: check
+CVE-2024-0437 (The Password Protected \u2013 Ultimate Plugin to Password 
Protect Your ...)
+       TODO: check
+CVE-2023-33327 (Improper Privilege Management vulnerability in Teplitsa of 
social tech ...)
+       TODO: check
+CVE-2024-3044 (Unchecked script execution in Graphic on-click binding in 
affected Lib ...)
        - libreoffice 4:24.2.3~rc1-2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2024-3044/
 CVE-2024-4871 (A vulnerability was found in Satellite. When running a remote 
executio ...)
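Review bot: All 55 entries added at the top of this hunk carry only the placeholder "TODO: check", so none of them has a package status or a NOT-FOR-US resolution yet. Several can be triaged as groups because their descriptions name the same product: CVE-2024-3822 to CVE-2024-3824 (Base64 Encoder/Decoder), CVE-2024-3629 to CVE-2024-3631 (HL Twitter) and CVE-2024-3405 to CVE-2024-3407 (WP Prayer). If the WordPress plugins are not packaged, their entries can take the same form the list already uses for the Jenkins plugin entries further down ("NOT-FOR-US: Jenkins plugin"). Separately, the descriptions for CVE-2024-4847, CVE-2024-4666, CVE-2024-4636, CVE-2024-4208, CVE-2024-3548, CVE-2024-3189 and CVE-2024-0437 contain literal \u2013 or \u2014 escape sequences rather than the dash characters; decoding them in the import step would keep the list readable and searchable.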
@@ -161655,8 +161765,8 @@ CVE-2022-28134 (Jenkins Bitbucket Server Integration 
Plugin 3.1.0 and earlier do
        NOT-FOR-US: Jenkins plugin
 CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier 
does not ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2022-28132
-       RESERVED
+CVE-2022-28132 (The T-Soft E-Commerce 4 web application is susceptible to SQL 
injectio ...)
+       TODO: check
 CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before 
Go 1.17. ...)
        - golang-1.18 1.18.4-1
        - golang-1.15 <removed>
@@ -269262,8 +269372,8 @@ CVE-2020-26314
        REJECTED
 CVE-2020-26313
        REJECTED
-CVE-2020-26312
-       RESERVED
+CVE-2020-26312 (Dotmesh is a git-like command-line interface for capturing, 
organizing ...)
+       TODO: check
 CVE-2020-26311
        RESERVED
 CVE-2020-26310
@@ -277016,7 +277126,8 @@ CVE-2020-23068
        RESERVED
 CVE-2020-23067
        RESERVED
-CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and 
before and v ...)
+CVE-2020-23066
+       REJECTED
        - tinymce <removed> (bug #972642)
        [buster] - tinymce <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
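Review bot: With CVE-2020-23066 switched to REJECTED, the unchanged lines below it still attach "- tinymce <removed> (bug #972642)", "[buster] - tinymce <no-dsa> (Minor issue)" and the GHSA-27gm-ghr9-4v95 NOTE to the rejected identifier. The other REJECTED entries visible in this diff (CVE-2020-26314, CVE-2020-26313) carry no annotations. Suggest dropping these lines, or moving them to the replacing ID if one exists, so that bug #972642 and the buster no-dsa decision are not left tied to a withdrawn identifier.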



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46925bfd3199d2d19018c74a0645d2bd901a88f3
