Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9bc92d23 by security tracker role at 2024-01-01T20:11:47+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2024-0181 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) + TODO: check +CVE-2023-6485 (The Html5 Video Player WordPress plugin before 2.5.19 does not sanitis ...) + TODO: check +CVE-2023-6421 (The Download Manager WordPress plugin before 3.2.83 does not protect f ...) + TODO: check +CVE-2023-6271 (The Backup Migration WordPress plugin before 1.3.6 stores in-progress ...) + TODO: check +CVE-2023-6113 (The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro ...) + TODO: check +CVE-2023-6064 (The PayHere Payment Gateway WordPress plugin before 2.2.12 automatical ...) + TODO: check +CVE-2023-6037 (The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not ...) + TODO: check +CVE-2023-6000 (The Popup Builder WordPress plugin before 4.2.3 does not prevent simpl ...) + TODO: check +CVE-2023-5877 (The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorizatio ...) + TODO: check +CVE-2023-50096 (STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code ...) + TODO: check +CVE-2023-50094 (reNgine through 2.0.2 allows OS Command Injection if an adversary has ...) + TODO: check CVE-2024-21732 (FlyCms through abbaa5a allows XSS via the permission management featur ...) NOT-FOR-US: FlyCms CVE-2023-7193 (A vulnerability was found in MTab Bookmark up to 1.2.6 and classified ...) 
@@ -596,6 +618,7 @@ CVE-2023-34829 (Incorrect access control in TP-Link Tapo before v3.1.315 allows CVE-2023-7116 (A vulnerability, which was classified as critical, has been found in W ...) NOT-FOR-US: WeiYe-Jing datax-web CVE-2023-6531 + {DSA-5593-1} - linux 6.6.8-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5) @@ -797,15 +820,19 @@ CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Sett CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...) NOT-FOR-US: GROWI CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...) + {DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6) CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl ...) + {DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6) CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...) + {DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6) CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...) + {DSA-5593-1} - linux 6.6.9-1 NOTE: https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7) CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...) 
@@ -913,7 +940,7 @@ CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might a [bullseye] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists) [buster] - openssh <postponed> (Revisit once hardening/mitigation for Rowhammer type of attack exists) NOTE: https://arxiv.org/abs/2309.02545 -CVE-2023-51766 (Exim through 4.97 allows SMTP smuggling in certain configurations. Rem ...) +CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKIN ...) - exim4 4.97-3 (bug #1059387) NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/6 @@ -1772,6 +1799,7 @@ CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp c [bookworm] - linux 6.1.66-1 NOTE: https://git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4) CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...) + {DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/382c27f4ed28f803b1f1473ac2d8db0afc795a1b (6.7-rc5) CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...) @@ -2080,6 +2108,7 @@ CVE-2023-6920 CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...) NOT-FOR-US: WSO2 CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DSA-5593-1} - linux 6.6.8-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5) 
@@ -4240,6 +4269,7 @@ CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev61 NOTE: https://github.com/gpac/gpac/issues/2669 NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...) + {DSA-5593-1} - linux 6.6.8-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9bc92d2320bd902878e60ab3a3310a08cc587342
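Review bot: All eleven entries added in the first hunk (@@ -1,3 +1,25 @@), from CVE-2024-0181 down to CVE-2023-50094, are left at "TODO: check", so none of them has a package mapping or a NOT-FOR-US marker yet. Eight of them are described as WordPress plugins (CVE-2023-6485, CVE-2023-6421, CVE-2023-6271, CVE-2023-6113, CVE-2023-6064, CVE-2023-6037, CVE-2023-6000, CVE-2023-5877). Suggest triaging these in a follow-up commit and, where the product is not packaged, marking them the way the trailing context entry does ("NOT-FOR-US: FlyCms"), so they stop showing up as unreviewed.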
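Review bot: CVE-2023-51779 in the @@ -797,15 +820,19 @@ hunk receives the same {DSA-5593-1} tag as CVE-2023-51782, CVE-2023-51781 and CVE-2023-51780, but its unstable fix is "linux 6.6.9-1" while the other three show "linux 6.6.8-1". Within the visible context, none of the entries tagged with DSA-5593-1 in this patch carries a [bookworm] line with the fixed stable version, unlike the context entry above CVE-2023-6931 ("[bookworm] - linux 6.1.66-1"). Suggest confirming that the per-release fixed version for the DSA is recorded for every tagged CVE so that the cross-reference and the version data agree.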
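Review bot: In the @@ -913,7 +940,7 @@ hunk, the refreshed description for CVE-2023-51766 now reads "Exim before 4.97.1", while the unchanged package line directly below still gives the fix as "exim4 4.97-3 (bug #1059387)", a Debian revision of the 4.97 upstream version that the new description counts as affected. Suggest adding a NOTE under the entry stating that 4.97-3 carries the fix as a backport, or pointing to the upstream commits, so the fixed version is not read as conflicting with the description.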