[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 1 20:11:58 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9bc92d23 by security tracker role at 2024-01-01T20:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...)
+	TODO: check
+CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not sanitis ...)
+	TODO: check
+CVE-2023-6421 (The Download Manager WordPress plugin before 3.2.83 does not protect f ...)
+	TODO: check
+CVE-2023-6271 (The Backup Migration WordPress plugin before 1.3.6 stores in-progress  ...)
+	TODO: check
+CVE-2023-6113 (The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro ...)
+	TODO: check
+CVE-2023-6064 (The PayHere Payment Gateway WordPress plugin before 2.2.12 automatical ...)
+	TODO: check
+CVE-2023-6037 (The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not ...)
+	TODO: check
+CVE-2023-6000 (The Popup Builder WordPress plugin before 4.2.3 does not prevent simpl ...)
+	TODO: check
+CVE-2023-5877 (The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorizatio ...)
+	TODO: check
+CVE-2023-50096 (STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code ...)
+	TODO: check
+CVE-2023-50094 (reNgine through 2.0.2 allows OS Command Injection if an adversary has  ...)
+	TODO: check
 CVE-2024-21732 (FlyCms through abbaa5a allows XSS via the permission management featur ...)
 	NOT-FOR-US: FlyCms
 CVE-2023-7193 (A vulnerability was found in MTab Bookmark up to 1.2.6 and classified  ...)
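Review bot: All eleven entries added at the top of this hunk carry only `TODO: check`, so none of them has a triage decision yet. Each needs to be resolved to either a package line or a `NOT-FOR-US:` marker in the style of the CVE-2024-21732 FlyCms entry directly below. The descriptions are truncated here, so that decision should be made from the full CVE text rather than from these headers.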
@@ -596,6 +618,7 @@ CVE-2023-34829 (Incorrect access control in TP-Link Tapo before v3.1.315 allows
 CVE-2023-7116 (A vulnerability, which was classified as critical, has been found in W ...)
 	NOT-FOR-US: WeiYe-Jing datax-web
 CVE-2023-6531
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5)
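Review bot: The CVE-2023-6531 header in this hunk's context is still bare, with no description in parentheses, although the entry now references `{DSA-5593-1}`. Check that the description gets filled in so the entry reads like its neighbours.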
@@ -797,15 +820,19 @@ CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Sett
 CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...)
 	NOT-FOR-US: GROWI
 CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6)
 CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl  ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6)
 CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6)
 CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...)
+	{DSA-5593-1}
 	- linux 6.6.9-1
 	NOTE: https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7)
 CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
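Review bot: CVE-2023-51779 receives the same `{DSA-5593-1}` tag as the three ioctl entries above it, but its unstable fix is recorded as `linux 6.6.9-1` (upstream 6.7-rc7) while the others are `6.6.8-1` (6.7-rc6). Worth confirming that the kernel upload behind the DSA actually carries commit 2e07e8348ea4 before leaving this cross-reference in place.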
@@ -913,7 +940,7 @@ CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might a
 	[bullseye] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
 	[buster] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists)
 	NOTE: https://arxiv.org/abs/2309.02545
-CVE-2023-51766 (Exim through 4.97 allows SMTP smuggling in certain configurations. Rem ...)
+CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...)
 	- exim4 4.97-3 (bug #1059387)
 	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6
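Review bot: The new CVE-2023-51766 description says Exim is affected before 4.97.1, while the unchanged package line still records the fix as `exim4 4.97-3 (bug #1059387)`. If 4.97-3 fixes this through a backported patch, a `NOTE:` saying so would explain the apparent mismatch between the upstream and Debian version numbers.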
@@ -1772,6 +1799,7 @@ CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp c
 	[bookworm] - linux 6.1.66-1
 	NOTE: https://git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4)
 CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/382c27f4ed28f803b1f1473ac2d8db0afc795a1b (6.7-rc5)
 CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...)
@@ -2080,6 +2108,7 @@ CVE-2023-6920
 CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...)
 	NOT-FOR-US: WSO2
 CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5)
@@ -4240,6 +4269,7 @@ CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev61
 	NOTE: https://github.com/gpac/gpac/issues/2669
 	NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
 CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...)
+	{DSA-5593-1}
 	- linux 6.6.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc92d2320bd902878e60ab3a3310a08cc587342
