[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 20 20:12:29 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86f61b6c by security tracker role at 2023-11-20T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,10 +1,116 @@
+CVE-2023-6197 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2023-6196 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2023-6045 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2023-5799 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have prope ...)
+	TODO: check
+CVE-2023-5652 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...)
+	TODO: check
+CVE-2023-5651 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...)
+	TODO: check
+CVE-2023-5640 (The Article Analytics WordPress plugin does not properly sanitise and  ...)
+	TODO: check
+CVE-2023-5610 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not va ...)
+	TODO: check
+CVE-2023-5609 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sa ...)
+	TODO: check
+CVE-2023-5593 (The out-of-bounds write vulnerability in the Windows-based SecuExtende ...)
+	TODO: check
+CVE-2023-5509 (The myStickymenu WordPress plugin before 2.6.5 does not adequately aut ...)
+	TODO: check
+CVE-2023-5343 (The Popup box WordPress plugin before 3.7.9 does not sanitise and esca ...)
+	TODO: check
+CVE-2023-5340 (The Five Star Restaurant Menu and Food Ordering WordPress plugin befor ...)
+	TODO: check
+CVE-2023-5140 (The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and  ...)
+	TODO: check
+CVE-2023-5119 (The Forminator WordPress plugin before 1.27.0 does not properly saniti ...)
+	TODO: check
+CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escap ...)
+	TODO: check
+CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place  ...)
+	TODO: check
+CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...)
+	TODO: check
+CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not validate and ...)
+	TODO: check
+CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
+	TODO: check
+CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of  ...)
+	TODO: check
+CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the administr ...)
+	TODO: check
+CVE-2023-48292 (The XWiki Admin Tools Application provides tools to help the administr ...)
+	TODO: check
+CVE-2023-48241 (XWiki Platform is a generic wiki platform. Starting in version 6.3-mil ...)
+	TODO: check
+CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff in XWiki  ...)
+	TODO: check
+CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to v ...)
+	TODO: check
+CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...)
+	TODO: check
+CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...)
+	TODO: check
+CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+	TODO: check
+CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
+	TODO: check
+CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...)
+	TODO: check
+CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...)
+	TODO: check
+CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in  ...)
+	TODO: check
+CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider  ...)
+	TODO: check
+CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...)
+	TODO: check
+CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...)
+	TODO: check
+CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...)
+	TODO: check
+CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...)
+	TODO: check
+CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...)
+	TODO: check
+CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
+	TODO: check
+CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...)
+	TODO: check
+CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...)
+	TODO: check
+CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...)
+	TODO: check
+CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
+	TODO: check
+CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
+	TODO: check
+CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the Community  ...)
+	TODO: check
+CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has a bro ...)
+	TODO: check
+CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...)
+	TODO: check
+CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...)
+	TODO: check
+CVE-2023-36013 (PowerShell Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...)
+	TODO: check
+CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...)
+	TODO: check
 CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...)
 	NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...)
 	NOT-FOR-US: LuxCal Web Calendar
 CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...)
 	NOT-FOR-US: Wago
-CVE-2023-46302
+CVE-2023-46302 (Apache Software Foundation Apache Submarine has a bug when serializing ...)
 	NOT-FOR-US: Apache Submarine
 CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...)
 	NOT-FOR-US: WordPress plugin
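Review bot: all 53 new entries in this hunk land as `TODO: check` placeholders with no `NOTE:` reference, unlike CVE-2022-46337 further down in the same patch. Most of them describe products that the neighbouring entries already resolve as `NOT-FOR-US` (WordPress plugins and themes, as for CVE-2023-47685 just below; Tenda routers; OpenHarmony; XWiki; openSIS Classic; INEA ME RTU; SecuExtender; PublicCMS; PowerShell in CVE-2023-36013), so the backlog can be cut down by marking those in the same `NOT-FOR-US: <product>` form and leaving only the ones that plausibly map to a source package (GPAC in CVE-2023-48090 and CVE-2023-48039, fast-jwt, next-auth, wire-avs, Strapi) for an actual version check. One ordering nit: CVE-2023-3116 sits between CVE-2023-42774 and CVE-2023-38885 instead of with the other four-digit IDs at the top of the block.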
@@ -62660,8 +62766,7 @@ CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected
 	NOT-FOR-US: Chained Quiz plugin for WordPress
 CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...)
 	NOT-FOR-US: uC-FTPs
-CVE-2022-46337
-	RESERVED
+CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...)
 	- derby <unfixed>
 	NOTE: https://issues.apache.org/jira/browse/DERBY-7147
 	NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
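Review bot: the new `- derby <unfixed>` line carries neither a Debian bug reference nor a severity marker, and the entry records only the upstream JIRA issue and the oss-security post. Since the description says a crafted username can bypass LDAP authentication checks, triage should confirm whether the packaged derby ships the affected LDAP authenticator and record the result on the package line (fixed upstream version, or `<not-affected>` with a reason), plus a `bug #` reference once one is filed, so the entry does not sit at `<unfixed>` without a tracking pointer.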
@@ -189760,8 +189865,8 @@ CVE-2021-27431 (ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to intege
 	NOT-FOR-US: ARM CMSIS RTOS2
 CVE-2021-27430 (GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused ha ...)
 	NOT-FOR-US: General Electric Universal Relays
-CVE-2021-27429
-	RESERVED
+CVE-2021-27429 (Texas Instruments TI-RTOS returns a valid pointer to a small buffer on ...)
+	TODO: check
 CVE-2021-27428 (GE UR IED firmware versions prior to version 8.1x supports upgrading f ...)
 	NOT-FOR-US: General Electric Universal Relays
 CVE-2021-27427 (RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its  ...)
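Review bot: CVE-2021-27429 is resolved to `TODO: check` while its neighbours CVE-2021-27430/CVE-2021-27428 (GE Universal Relays) and CVE-2021-27431 (ARM CMSIS RTOS2) are all `NOT-FOR-US`; Texas Instruments TI-RTOS is vendor embedded firmware of the same kind, so unless a Debian source package is identified this should be closed as `NOT-FOR-US: Texas Instruments TI-RTOS` rather than left in the triage queue.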
@@ -201494,8 +201599,8 @@ CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an ou
 	NOT-FOR-US: Fatek FvDesigner
 CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
 	NOT-FOR-US: Fuji Electric
-CVE-2021-22636
-	RESERVED
+CVE-2021-22636 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...)
+	TODO: check
 CVE-2021-22635
 	RESERVED
 CVE-2021-22634
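Review bot: CVE-2021-22636 describes the same product as CVE-2021-27429 earlier in this patch (TI-RTOS, here the HeapMem heap configuration), so both should get the same resolution; with the adjacent Fatek FvDesigner and Fuji Electric entries already `NOT-FOR-US`, `NOT-FOR-US: Texas Instruments TI-RTOS` is the consistent outcome unless a source package turns up. Leaving CVE-2021-22635 and CVE-2021-22634 as `RESERVED` is correct as long as no description has been published for them.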



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86f61b6c4d958f1410ff6000eab6ea4f5d9309ee

-- 
You're receiving this email because of your account on salsa.debian.org.

