[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 24 21:12:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2879bc35 by security tracker role at 2023-10-24T20:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,56 +1,183 @@
-CVE-2023-5732
+CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...)
+ TODO: check
+CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...)
+ TODO: check
+CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...)
+ TODO: check
+CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via ...)
+ TODO: check
+CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...)
+ TODO: check
+CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...)
+ TODO: check
+CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...)
+ TODO: check
+CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...)
+ TODO: check
+CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing ...)
+ TODO: check
+CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...)
+ TODO: check
+CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...)
+ TODO: check
+CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...)
+ TODO: check
+CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...)
+ TODO: check
+CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...)
+ TODO: check
+CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...)
+ TODO: check
+CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...)
+ TODO: check
+CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...)
+ TODO: check
+CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...)
+ TODO: check
+CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...)
+ TODO: check
+CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...)
+ TODO: check
+CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a r ...)
+ TODO: check
+CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...)
+ TODO: check
+CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn L ...)
+ TODO: check
+CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lead ...)
+ TODO: check
+CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
+ TODO: check
+CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...)
+ TODO: check
+CVE-2023-45770 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpsp ...)
+ TODO: check
+CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Rav ...)
+ TODO: check
+CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...)
+ TODO: check
+CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Woka ...)
+ TODO: check
+CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-45761 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii S ...)
+ TODO: check
+CVE-2023-45759 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Ke ...)
+ TODO: check
+CVE-2023-45758 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+ TODO: check
+CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider T ...)
+ TODO: check
+CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Budd ...)
+ TODO: check
+CVE-2023-45754 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
+ TODO: check
+CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH ...)
+ TODO: check
+CVE-2023-45747 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed ...)
+ TODO: check
+CVE-2023-45646 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-45644 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anur ...)
+ TODO: check
+CVE-2023-45640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-45637 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
+ TODO: check
+CVE-2023-45634 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc ...)
+ TODO: check
+CVE-2023-43510 (A vulnerability in the ClearPass Policy Manager web-basedmanagement in ...)
+ TODO: check
+CVE-2023-43509 (A vulnerability in the web-based management interface ofClearPass Poli ...)
+ TODO: check
+CVE-2023-43508 (Vulnerabilities in the web-based management interface ofClearPass Poli ...)
+ TODO: check
+CVE-2023-43507 (A vulnerability in the web-based management interface ofClearPass Poli ...)
+ TODO: check
+CVE-2023-43506 (A vulnerability in the ClearPass OnGuard Linux agent couldallow malici ...)
+ TODO: check
+CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard C ...)
+ TODO: check
+CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitc ...)
+ TODO: check
+CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a ...)
+ TODO: check
+CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to ...)
+ TODO: check
+CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
-CVE-2023-5731
+CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
-CVE-2023-5730
+CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730
-CVE-2023-5729
+CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneously tr ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
-CVE-2023-5728
+CVE-2023-5728 (During garbage collection extra operations were performed on a object ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728
-CVE-2023-5727
+CVE-2023-5727 (The executable file warning was not presented when downloading .msix, ...)
- firefox <not-affected> (Only affects Firefox on Windows)
- firefox-esr <not-affected> (Only affects Firefox ESR on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727
-CVE-2023-5726
+CVE-2023-5726 (A website could have obscured the full screen notification by using th ...)
- firefox <not-affected> (Only affects Firefox on MacOS)
- firefox-esr <not-affected> (Only affects Firefox ESR on MacOS)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
-CVE-2023-5725
+CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
-CVE-2023-5724
+CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724
-CVE-2023-5723
+CVE-2023-5723 (An attacker with temporary script access to a site could have set a co ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723
-CVE-2023-5722
+CVE-2023-5722 (Using iterative requests an attacker was able to learn the size of an ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
-CVE-2023-5721
+CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
NOT-FOR-US: Synology
-CVE-2023-5363 [Incorrect cipher key & IV length processing]
+CVE-2023-5363 (Issue summary: A bug has been identified in the processing of key and ...)
+ {DSA-5532-1}
- openssl <unfixed>
[bullseye] - openssl <not-affected> (Vulnerable code not present)
[buster] - openssl <not-affected> (Vulnerable code not present)
@@ -41793,8 +41920,8 @@ CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP C
NOT-FOR-US: WordPress plugin
CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25032
- RESERVED
+CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prin ...)
+ TODO: check
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25030
@@ -66859,8 +66986,8 @@ CVE-2023-20275
RESERVED
CVE-2023-20274
RESERVED
-CVE-2023-20273
- RESERVED
+CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ TODO: check
CVE-2023-20272
RESERVED
CVE-2023-20271
@@ -162925,7 +163052,7 @@ CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by
NOT-FOR-US: Adobe
CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
NOT-FOR-US: Adobe
-CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of ...)
NOT-FOR-US: Adobe
CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
NOT-FOR-US: Adobe
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2879bc3571e3131f8fe0b970af131e8973d699aa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2879bc3571e3131f8fe0b970af131e8973d699aa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231024/128cf21b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list