Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3969b9d by security tracker role at 2024-06-04T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2024-5485 (The SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & 
Automa ...)
+       TODO: check
+CVE-2024-5422 (An uncontrolled resource consumption of file descriptors in SEH 
Comput ...)
+       TODO: check
+CVE-2024-5421 (Missing input validation and OS command integration of the 
input in th ...)
+       TODO: check
+CVE-2024-5420 (Missing input validation in theSEH Computertechnik utnserver 
Pro, SEH  ...)
+       TODO: check
+CVE-2024-4997 (The WPUpper Share Buttons plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2024-4870 (The Frontend Registration \u2013 Contact Form 7 plugin for 
WordPress i ...)
+       TODO: check
+CVE-2024-4857 (The FS Product Inquiry WordPress plugin through 1.1.1 does not 
sanitis ...)
+       TODO: check
+CVE-2024-4856 (The FS Product Inquiry WordPress plugin through 1.1.1 does not 
sanitis ...)
+       TODO: check
+CVE-2024-4750 (The buddyboss-platform WordPress plugin before 2.6.0 contains 
an IDOR  ...)
+       TODO: check
+CVE-2024-4749 (The wp-eMember WordPress plugin before 10.3.9 does not sanitize 
and es ...)
+       TODO: check
+CVE-2024-4697 (The Cowidgets \u2013 Elementor Addons plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-4552 (The Social Login Lite For WooCommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-4462 (The Nafeza Prayer Time plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-4274 (The Essential Real Estate plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2024-4273 (The Essential Real Estate plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2024-4253 (A command injection vulnerability exists in the 
gradio-app/gradio repo ...)
+       TODO: check
+CVE-2024-4180 (The Events Calendar WordPress plugin before 6.4.0.1 does not 
properly  ...)
+       TODO: check
+CVE-2024-4057 (The Gutenberg Blocks with AI by Kadence WP  WordPress plugin 
before 3. ...)
+       TODO: check
+CVE-2024-3888 (The tagDiv Composer plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-3555 (The Social Link Pages: link-in-bio landing pages for your 
social media ...)
+       TODO: check
+CVE-2024-3230 (The Download Attachments plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2024-3031 (The Fluid Notification Bar plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2024-36782 (TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a 
hardcoded  ...)
+       TODO: check
+CVE-2024-2470 (The Simple Ajax Chat  WordPress plugin before 20240412 does not 
saniti ...)
+       TODO: check
+CVE-2024-2382 (The Authorize.net Payment Gateway For WooCommerce plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-2019 (The WP-DB-Table-Editor plugin for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2024-29976 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege 
management vuln ...)
+       TODO: check
+CVE-2024-29975 (** UNSUPPORTED WHEN ASSIGNED ** The improper privilege 
management vuln ...)
+       TODO: check
+CVE-2024-29974 (** UNSUPPORTED WHEN ASSIGNED ** The remote code execution 
vulnerabilit ...)
+       TODO: check
+CVE-2024-29973 (** UNSUPPORTED WHEN ASSIGNED ** The command injection 
vulnerability in ...)
+       TODO: check
+CVE-2024-29972 (** UNSUPPORTED WHEN ASSIGNED ** The command injection 
vulnerability in ...)
+       TODO: check
+CVE-2024-20887 (Arbitrary directory creation in GalaxyBudsManager PC prior to 
version  ...)
+       TODO: check
+CVE-2024-20886 (Arbitrary directory creation in Samsung Live Wallpaper PC 
prior to ver ...)
+       TODO: check
+CVE-2024-20885 (Improper component protection vulnerability in Samsung Dialer 
prior to ...)
+       TODO: check
+CVE-2024-20884 (Incorrect use of privileged API vulnerability in 
getSemBatteryUsageSta ...)
+       TODO: check
+CVE-2024-20883 (Incorrect use of privileged API vulnerability in 
registerBatteryStatsC ...)
+       TODO: check
+CVE-2024-20882 (Out-of-bounds read vulnerability in bootloader prior to SMR 
June-2024  ...)
+       TODO: check
+CVE-2024-20881 (Improper input validation vulnerability in chnactiv TA prior 
to SMR Ju ...)
+       TODO: check
+CVE-2024-20880 (Stack-based buffer overflow vulnerability in bootloader prior 
to SMR J ...)
+       TODO: check
+CVE-2024-20879 (Improper input validation vulnerability in libsavscmn.so prior 
to SMR  ...)
+       TODO: check
+CVE-2024-20878 (Heap out-of-bound write vulnerability in parsing grid image in 
libsavs ...)
+       TODO: check
+CVE-2024-20877 (Heap out-of-bound write vulnerability in parsing grid image 
header in  ...)
+       TODO: check
+CVE-2024-20876 (Improper input validation in libsheifdecadapter.so prior to 
SMR Jun-20 ...)
+       TODO: check
+CVE-2024-20875 (Improper caller verification vulnerability in SemClipboard 
prior to SM ...)
+       TODO: check
+CVE-2024-20874 (Improper access control vulnerability in SmartManagerCN prior 
to SMR J ...)
+       TODO: check
+CVE-2024-20873 (Improper input validation vulnerability in caminfo driver 
prior to SMR ...)
+       TODO: check
+CVE-2024-1718 (The Claudio Sanches \u2013 Checkout Cielo for WooCommerce 
plugin for W ...)
+       TODO: check
+CVE-2024-1717 (The Admin Notices Manager plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2024-0757 (The Insert or Embed Articulate Content into WordPress plugin 
through 4 ...)
+       TODO: check
+CVE-2023-44235 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2023-41134 (Authentication Bypass by Spoofing vulnerability in 
pluginkollektiv Ant ...)
+       TODO: check
+CVE-2023-40673 (: Improper Control of Interaction Frequency vulnerability in 
cartpauj  ...)
+       TODO: check
+CVE-2023-40557 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2023-40332 (Improper Control of Interaction Frequency vulnerability in 
Lester \u20 ...)
+       TODO: check
+CVE-2023-39161 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
+CVE-2023-38520 (External Control of Assumed-Immutable Web Parameter 
vulnerability in P ...)
+       TODO: check
+CVE-2023-37865 (Authentication Bypass by Spoofing vulnerability in IP2Location 
Downloa ...)
+       TODO: check
+CVE-2023-34001 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2023-33930 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Unlim ...)
+       TODO: check
 CVE-2024-5404 (An unauthenticated remote attackercan change the admin password 
in amo ...)
        NOT-FOR-US: ifm electronic GmbH
 CVE-2024-5388
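
Review bot: The descriptions added in this hunk carry the literal escape \u2013 instead of the decoded dash (CVE-2024-5485, CVE-2024-4870, CVE-2024-4697, CVE-2024-1718), and for CVE-2023-40332 the truncation cuts the escape in half, leaving "Lester \u20 ...". That pattern suggests the description is truncated after it has been escaped; decoding first and truncating second would keep the text readable and avoid partial escapes. Every entry added here lands as TODO: check, so each still needs manual triage.
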
@@ -142,7 +260,7 @@ CVE-2023-43538 (Memory corruption in TZ Secure OS while 
Tunnel Invoke Manager in
        TODO: check
 CVE-2023-43537 (Information disclosure while handling T2LM Action Frame in 
WLAN Host.)
        TODO: check
-CVE-2024-36104
+CVE-2024-36104 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Apache OFBiz
 CVE-2024-5590 (A vulnerability was found in Netentsec NS-ASG Application 
Security Gat ...)
        NOT-FOR-US: Netentsec
@@ -18109,7 +18227,8 @@ CVE-2024-3804 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: Vesystem Cloud Desktop
 CVE-2024-3803 (A vulnerability classified as critical was found in Vesystem 
Cloud Des ...)
        NOT-FOR-US: Vesystem Cloud Desktop
-CVE-2024-3802 (Vulnerabilities in Celeste 22.x was vulnerable to takeover from 
unauth ...)
+CVE-2024-3802
+       REJECTED
        NOT-FOR-US: Celeste
 CVE-2024-3797 (A vulnerability was found in SourceCodester QR Code Bookmark 
System 1. ...)
        NOT-FOR-US: SourceCodester QR Code Bookmark System
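
Review bot: CVE-2024-3802 is switched to REJECTED, but the existing "NOT-FOR-US: Celeste" line is left in place beneath it, so the entry now carries two annotations and no description. If REJECTED is meant to be the final state, drop the NOT-FOR-US line in a follow-up so the entry is unambiguous.
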
@@ -88738,12 +88857,12 @@ CVE-2023-28496 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop 
WP Shor ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28494
-       RESERVED
+CVE-2023-28494 (Missing Authorization vulnerability in CodePeople Contact Form 
Email a ...)
+       TODO: check
 CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability  ...)
        NOT-FOR-US: Wordpress theme
-CVE-2023-28492
-       RESERVED
+CVE-2023-28492 (Missing Authorization vulnerability in CodePeople CP Multi 
View Event  ...)
+       TODO: check
 CVE-2023-28491 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Estatik  ...)
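
Review bot: CVE-2023-28494 and CVE-2023-28492 move from RESERVED to TODO: check while their neighbours in this hunk are already triaged as "NOT-FOR-US: WordPress plugin". The truncated descriptions name the vendor (CodePeople) but not the platform, so confirm against the full CVE record before applying the same tag. CVE-2023-27460, CVE-2023-26523 and CVE-2023-26521 in the later hunks name the same vendor and can be triaged together with these two.
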
@@ -92346,8 +92465,8 @@ CVE-2023-27462 (A vulnerability has been identified in 
RUGGEDCOM CROSSBOW (All v
        NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo 
Plugins When ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-27460
-       RESERVED
+CVE-2023-27460 (Missing Authorization vulnerability in CodePeople, paypaldev 
CP Contac ...)
+       TODO: check
 CVE-2023-27459 (Deserialization of Untrusted Data vulnerability in WPEverest 
User Regi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream 
WpStream p ...)
@@ -92392,8 +92511,8 @@ CVE-2023-27439 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen 
Yurchenko WP  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-27437
-       RESERVED
+CVE-2023-27437 (Missing Authorization vulnerability in Event Espresso Event 
Espresso 4 ...)
+       TODO: check
 CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis 
Reingold Eleg ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed 
Siddiqui ...)
@@ -94679,12 +94798,12 @@ CVE-2023-26525 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin
 CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech 
Quiz An ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26523
-       RESERVED
+CVE-2023-26523 (Missing Authorization vulnerability in CodePeople Calculated 
Fields Fo ...)
+       TODO: check
 CVE-2023-26522
        RESERVED
-CVE-2023-26521
-       RESERVED
+CVE-2023-26521 (Missing Authorization vulnerability in CodePeople Search in 
Place allo ...)
+       TODO: check
 CVE-2023-26520
        RESERVED
 CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
@@ -101523,8 +101642,8 @@ CVE-2023-24375
        RESERVED
 CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24373
-       RESERVED
+CVE-2023-24373 (External Control of Assumed-Immutable Web Parameter 
vulnerability in W ...)
+       TODO: check
 CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in USB  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write 
past the  ...)
@@ -103290,14 +103409,14 @@ CVE-2023-23740
        RESERVED
 CVE-2023-23739
        RESERVED
-CVE-2023-23738
-       RESERVED
+CVE-2023-23738 (Improper Neutralization of Special Elements in Output Used by 
a Downst ...)
+       TODO: check
 CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP 
Broken Lin ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23736
        RESERVED
-CVE-2023-23735
-       RESERVED
+CVE-2023-23735 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
 CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Davi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joel ...)
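
Review bot: The new descriptions for CVE-2023-23738, CVE-2023-23735 and CVE-2023-23730 are cut off before any vendor or product name appears (for example "Output Used by a Downst ..."), so the entry alone gives a triager nothing to match against a package. The fixed-width truncation keeps the weakness title and loses the affected product; these TODO: check items can only be resolved from the full CVE record.
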
@@ -103306,8 +103425,8 @@ CVE-2023-23732 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme 
WishSuite  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23730
-       RESERVED
+CVE-2023-23730 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
 CVE-2023-23729
        RESERVED
 CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Winwa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3969b9d65945f82db3a83da865fa5e48bcbb896



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
