[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 24 21:12:31 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2879bc35 by security tracker role at 2023-10-24T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,56 +1,183 @@
-CVE-2023-5732
+CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...)
+	TODO: check
+CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+	TODO: check
+CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...)
+	TODO: check
+CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...)
+	TODO: check
+CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via  ...)
+	TODO: check
+CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...)
+	TODO: check
+CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...)
+	TODO: check
+CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...)
+	TODO: check
+CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...)
+	TODO: check
+CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing  ...)
+	TODO: check
+CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...)
+	TODO: check
+CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...)
+	TODO: check
+CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...)
+	TODO: check
+CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
+	TODO: check
+CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...)
+	TODO: check
+CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...)
+	TODO: check
+CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...)
+	TODO: check
+CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...)
+	TODO: check
+CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...)
+	TODO: check
+CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...)
+	TODO: check
+CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...)
+	TODO: check
+CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a r ...)
+	TODO: check
+CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...)
+	TODO: check
+CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn L ...)
+	TODO: check
+CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lead ...)
+	TODO: check
+CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
+	TODO: check
+CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit  ...)
+	TODO: check
+CVE-2023-45770 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpsp ...)
+	TODO: check
+CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Rav ...)
+	TODO: check
+CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...)
+	TODO: check
+CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Woka ...)
+	TODO: check
+CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+	TODO: check
+CVE-2023-45761 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii S ...)
+	TODO: check
+CVE-2023-45759 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Ke ...)
+	TODO: check
+CVE-2023-45758 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+	TODO: check
+CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider T ...)
+	TODO: check
+CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Budd ...)
+	TODO: check
+CVE-2023-45754 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
+	TODO: check
+CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH ...)
+	TODO: check
+CVE-2023-45747 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed ...)
+	TODO: check
+CVE-2023-45646 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45644 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anur ...)
+	TODO: check
+CVE-2023-45640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45637 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
+	TODO: check
+CVE-2023-45634 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc ...)
+	TODO: check
+CVE-2023-43510 (A vulnerability in the ClearPass Policy Manager web-basedmanagement in ...)
+	TODO: check
+CVE-2023-43509 (A vulnerability in the web-based management interface ofClearPass Poli ...)
+	TODO: check
+CVE-2023-43508 (Vulnerabilities in the web-based management interface ofClearPass Poli ...)
+	TODO: check
+CVE-2023-43507 (A vulnerability in the web-based management interface ofClearPass Poli ...)
+	TODO: check
+CVE-2023-43506 (A vulnerability in the ClearPass OnGuard Linux agent couldallow malici ...)
+	TODO: check
+CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard C ...)
+	TODO: check
+CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitc ...)
+	TODO: check
+CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a  ...)
+	TODO: check
+CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to  ...)
+	TODO: check
+CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
-CVE-2023-5731
+CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs showed e ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
-CVE-2023-5730
+CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730
-CVE-2023-5729
+CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneously tr ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
-CVE-2023-5728
+CVE-2023-5728 (During garbage collection extra operations were performed on a object  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728
-CVE-2023-5727
+CVE-2023-5727 (The executable file warning was not presented when downloading .msix,  ...)
 	- firefox <not-affected> (Only affects Firefox on Windows)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727
-CVE-2023-5726
+CVE-2023-5726 (A website could have obscured the full screen notification by using th ...)
 	- firefox <not-affected> (Only affects Firefox on MacOS)
 	- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
-CVE-2023-5725
+CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
-CVE-2023-5724
+CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724
-CVE-2023-5723
+CVE-2023-5723 (An attacker with temporary script access to a site could have set a co ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723
-CVE-2023-5722
+CVE-2023-5722 (Using iterative requests an attacker was able to learn the size of an  ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
-CVE-2023-5721
+CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
 CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
 	NOT-FOR-US: Synology
-CVE-2023-5363 [Incorrect cipher key & IV length processing]
+CVE-2023-5363 (Issue summary: A bug has been identified in the processing of key and  ...)
+	{DSA-5532-1}
 	- openssl <unfixed>
 	[bullseye] - openssl <not-affected> (Vulnerable code not present)
 	[buster] - openssl <not-affected> (Vulnerable code not present)
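Review bot: The WordPress plugin entries added at the top of this hunk (CVE-2023-5745, CVE-2023-5744, CVE-2023-5740, CVE-2023-5127, CVE-2023-5126, CVE-2023-5110, CVE-2023-5085) do not need to stay on "TODO: check". They can be triaged to "NOT-FOR-US: WordPress plugin", the form this file already uses for CVE-2023-25034 and CVE-2023-25033. The truncated CSRF and XSS summaries from CVE-2023-46204 down to CVE-2023-45634 do not show the product within the visible text, so each needs its full description read before getting the same marking. Two smaller points: the summaries for CVE-2023-46189 and CVE-2023-46152 end in a raw "\u2" escape cut off by the truncation, which suggests the description is escaped before it is shortened. Also, CVE-2023-5363 now carries {DSA-5532-1} while "- openssl <unfixed>" is unchanged, so the unversioned line should be revisited once a fixed version is available for it.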
@@ -41793,8 +41920,8 @@ CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP C
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25032
-	RESERVED
+CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prin ...)
+	TODO: check
 CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25030
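Review bot: CVE-2023-25032 goes from RESERVED to "TODO: check" between two neighbours, CVE-2023-25033 and CVE-2023-25031, that are already marked "NOT-FOR-US: WordPress plugin". The visible summary stops at "in Prin ...", so the product is not identifiable from this hunk. If the full description names a WordPress plugin, the entry should take the same marking as its neighbours rather than remain in the TODO queue.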
@@ -66859,8 +66986,8 @@ CVE-2023-20275
 	RESERVED
 CVE-2023-20274
 	RESERVED
-CVE-2023-20273
-	RESERVED
+CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+	TODO: check
 CVE-2023-20272
 	RESERVED
 CVE-2023-20271
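Review bot: CVE-2023-20273 is described as a vulnerability in the web UI feature of Cisco IOS XE Software, yet it lands as "TODO: check". The file marks other vendor-only entries with a vendor-named NOT-FOR-US line (for example "NOT-FOR-US: Synology" and "NOT-FOR-US: Adobe" elsewhere in this diff), so a "NOT-FOR-US: Cisco" line in the same form would close this one out without further investigation.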
@@ -162925,7 +163052,7 @@ CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by
 	NOT-FOR-US: Adobe
 CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
 	NOT-FOR-US: Adobe
-CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of  ...)
 	NOT-FOR-US: Adobe
 CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
 	NOT-FOR-US: Adobe



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2879bc3571e3131f8fe0b970af131e8973d699aa
