From 9c638f005567a6d98cf402d17972adbb2da8baa2 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 26 Apr 2024 20:12:16 +0000 Subject: automatic update --- data/CVE/list | 155 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 150 insertions(+), 5 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 83a26e6c51..a9e8ed8749 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,4 +1,146 @@ -CVE-2023-52646 [aio: fix mremap after fork null-deref] +CVE-2024-4238 (A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified ...) + TODO: check +CVE-2024-4237 (A vulnerability, which was classified as critical, was found in Tenda ...) + TODO: check +CVE-2024-4236 (A vulnerability, which was classified as critical, has been found in T ...) + TODO: check +CVE-2024-4235 (A vulnerability classified as problematic was found in Netgear DG834Gv ...) + TODO: check +CVE-2024-4234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-4198 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) + TODO: check +CVE-2024-4195 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 ...) + TODO: check +CVE-2024-4183 (Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x bef ...) + TODO: check +CVE-2024-4182 (Mattermost versions 9.6.0, 9.5.x before 9.5.3, 9.4.x before 9.4.5, and ...) + TODO: check +CVE-2024-3962 (The Product Addons & Fields for WooCommerce plugin for WordPress is vu ...) + TODO: check +CVE-2024-3682 (The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable ...) + TODO: check +CVE-2024-3076 (The MM-email2image WordPress plugin through 0.2.5 does not have CSRF c ...) + TODO: check +CVE-2024-33697 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33696 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33695 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33693 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33692 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2024-33691 (Cross-Site Request Forgery (CSRF) vulnerability in OptinMonster Popup ...) + TODO: check +CVE-2024-33690 (Cross-Site Request Forgery (CSRF) vulnerability in Jegstudio Financio. ...) + TODO: check +CVE-2024-33689 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli, Tony Ha ...) + TODO: check +CVE-2024-33688 (Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Telur ...) + TODO: check +CVE-2024-33683 (Cross-Site Request Forgery (CSRF) vulnerability in WP Republic Hide Da ...) + TODO: check +CVE-2024-33682 (Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information ...) + TODO: check +CVE-2024-33680 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child ...) + TODO: check +CVE-2024-33679 (Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameThem ...) + TODO: check +CVE-2024-33678 (Cross-Site Request Forgery (CSRF) vulnerability in ClickCease ClickCea ...) + TODO: check +CVE-2024-33677 (Cross-Site Request Forgery (CSRF) vulnerability in Renzo Johnson Conta ...) + TODO: check +CVE-2024-33344 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in fte ...) + TODO: check +CVE-2024-33343 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Chg ...) + TODO: check +CVE-2024-33342 (D-Link DIR-822+ V1.0.5 was found to contain a command injection in Set ...) + TODO: check +CVE-2024-33263 (QuickJS commit 3b45d15 was discovered to contain an Assertion Failure ...) + TODO: check +CVE-2024-33260 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33259 (Jerryscript commit cefd391 was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33258 (Jerryscript commit ff9ff8f was discovered to contain a segmentation vi ...) + TODO: check +CVE-2024-33255 (Jerryscript commit cefd391 was discovered to contain an Assertion Fail ...) + TODO: check +CVE-2024-32957 (Missing Authorization vulnerability in Live Composer Team Page Builder ...) + TODO: check +CVE-2024-32884 (gitoxide is a pure Rust implementation of Git. `gix-transport` does no ...) + TODO: check +CVE-2024-32880 (pyload is an open-source Download Manager written in pure Python. An a ...) + TODO: check +CVE-2024-32829 (Missing Authorization vulnerability in Supsystic Data Tables Generator ...) + TODO: check +CVE-2024-32828 (Missing Authorization vulnerability in Octolize Flexible Shipping.This ...) + TODO: check +CVE-2024-32826 (Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.T ...) + TODO: check +CVE-2024-32822 (Missing Authorization vulnerability in impleCode Reviews Plus.This iss ...) + TODO: check +CVE-2024-32766 (An OS command injection vulnerability has been reported to affect seve ...) + TODO: check +CVE-2024-32764 (A missing authentication for critical function vulnerability has been ...) + TODO: check +CVE-2024-32730 (SAP Enable Now Manager does not perform necessary authorization checks ...) + TODO: check +CVE-2024-32476 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + TODO: check +CVE-2024-32046 (Mattermost versions 9.6.x <= 9.6.0, 9.5.x <= 9.5.2, 9.4.x <= 9.4.4 and ...) + TODO: check +CVE-2024-28328 (CSV Injection vulnerability in the Asus RT-N12+ router allows administ ...) + TODO: check +CVE-2024-28327 (Asus RT-N12+ B1 router stores user passwords in plaintext, which could ...) + TODO: check +CVE-2024-28326 (Incorrect Access Control in Asus RT-N12+ B1 routers allows local attac ...) + TODO: check +CVE-2024-28325 (Asus RT-N12+ B1 router stores credentials in cleartext, which could al ...) + TODO: check +CVE-2024-27790 (Claris International has resolved an issue of potentially allowing una ...) + TODO: check +CVE-2024-27124 (An OS command injection vulnerability has been reported to affect seve ...) + TODO: check +CVE-2024-25343 (Tenda N300 F3 router vulnerability allows users to bypass intended sec ...) + TODO: check +CVE-2024-22091 (Mattermost versions 8.1.x <= 8.1.10, 9.6.x <= 9.6.0, 9.5.x <= 9.5.2 an ...) + TODO: check +CVE-2024-21905 (An integer overflow or wraparound vulnerability has been reported to a ...) + TODO: check +CVE-2024-1789 (The WP SMTP plugin for WordPress is vulnerable to SQL Injection via th ...) + TODO: check +CVE-2024-0740 (Eclipse Target Management: Terminal and Remote System Explorer (RSE) v ...) + TODO: check +CVE-2023-51794 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a ...) + TODO: check +CVE-2023-51365 (A path traversal vulnerability has been reported to affect several QNA ...) + TODO: check +CVE-2023-51364 (A path traversal vulnerability has been reported to affect several QNA ...) + TODO: check +CVE-2023-50364 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-50363 (An incorrect authorization vulnerability has been reported to affect s ...) + TODO: check +CVE-2023-50362 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-50361 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-47222 (An exposure of sensitive information vulnerability has been reported t ...) + TODO: check +CVE-2023-42955 (Claris International has successfully resolved an issue of potentially ...) + TODO: check +CVE-2023-41291 (A path traversal vulnerability has been reported to affect QuFirewall. ...) + TODO: check +CVE-2023-41290 (A path traversal vulnerability has been reported to affect QuFirewall. ...) + TODO: check +CVE-2022-48611 (A logic issue was addressed with improved checks. This issue is fixed ...) + TODO: check +CVE-2023-52646 (In the Linux kernel, the following vulnerability has been resolved: a ...) - linux 6.1.15-1 [bullseye] - linux 5.10.178-1 [buster] - linux 4.19.282-1 @@ -295,14 +437,17 @@ CVE-2024-26923 (In the Linux kernel, the following vulnerability has been resolv - linux NOTE: https://git.kernel.org/linus/47d8ac011fe1c9251070e1bd64cb10b48193ec51 (6.9-rc4) CVE-2024-4060 + {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4059 + {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) CVE-2024-4058 + {DSA-5675-1} - chromium 124.0.6367.78-1 [bullseye] - chromium (see #1061268) [buster] - chromium (see DSA 5046) @@ -79110,8 +79255,8 @@ CVE-2023-26604 (systemd before 247 does not adequately block local privilege esc NOTE: https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 NOTE: https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/ -CVE-2023-26603 - RESERVED +CVE-2023-26603 (JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory ...) + TODO: check CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and other plat ...) NOT-FOR-US: MPD as used by Automotive Grade Linux CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to ex ...) @@ -116541,8 +116686,8 @@ CVE-2022-41134 (Cross-Site Request Forgery (CSRF) inOptinlyHQ Optinly \u2013 Exi NOT-FOR-US: WordPress plugin CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...) NOT-FOR-US: WordPress plugin -CVE-2022-40975 - RESERVED +CVE-2022-40975 (Missing Authorization vulnerability in Aazztech Post Slider.This issue ...) + TODO: check CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...) NOT-FOR-US: Buffalo CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...) -- cgit v1.2.3