[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 28 Jun 2023 01:12:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
12137f14 by security tracker role at 2023-06-28T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" 
field is ...)
+       TODO: check
+CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS 
Command vuln ...)
+       TODO: check
+CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation 
vulnerabil ...)
+       TODO: check
+CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory 
vulnerabil ...)
+       TODO: check
+CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory 
vulnerabil ...)
+       TODO: check
+CVE-2023-3327
+       REJECTED
+CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected 
versions ...)
+       TODO: check
+CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms 
versions v5.1.0 ...)
+       TODO: check
+CVE-2022-48505 (This issue was addressed with improved data protection. This 
issue is  ...)
+       TODO: check
 CVE-2023-3397 [fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a 
race condition between txEnd and lmLogClose functions]
        - linux <unfixed>
        NOTE: 
https://lore.kernel.org/lkml/[email protected]/
@@ -11183,8 +11205,8 @@ CVE-2023-1846 (A vulnerability has been found in 
SourceCodester Online Payroll S
        NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1845 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Online Payroll System
-CVE-2023-1844
-       RESERVED
+CVE-2023-1844 (The Subscribe2 plugin for WordPress is vulnerable to 
unauthorized acce ...)
+       TODO: check
 CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1842
@@ -20851,8 +20873,8 @@ CVE-2023-26136
        RESERVED
 CVE-2023-26135
        RESERVED
-CVE-2023-26134
-       RESERVED
+CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are 
vulnerable to ...)
+       TODO: check
 CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to 
Prototype ...)
        TODO: check
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to 
Prototyp ...)
@@ -24337,10 +24359,10 @@ CVE-2023-25004 (A maliciously crafted pskernel.dll 
file in Autodesk products is
        TODO: check
 CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 
2023 and M ...)
        TODO: check
-CVE-2023-25002
-       RESERVED
-CVE-2023-25001
-       RESERVED
+CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to 
trigger ...)
+       TODO: check
+CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 
2022 be ...)
+       TODO: check
 CVE-2023-0634
        REJECTED
 CVE-2023-0633
@@ -79839,8 +79861,7 @@ CVE-2022-32886 (A buffer overflow issue was addressed 
with improved memory handl
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
        NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
-CVE-2022-32885
-       REJECTED
+CVE-2022-32885 (A memory corruption issue was addressed with improved 
validation. This ...)
        {DSA-5397-1 DSA-5396-1 DLA-3419-1}
        - webkit2gtk 2.40.1-1
        - wpewebkit 2.38.6-1
@@ -218903,8 +218924,8 @@ CVE-2020-18416 (An cross site request forgery (CSRF) 
vulnerability discovered in
        TODO: check
 CVE-2020-18415
        RESERVED
-CVE-2020-18414
-       RESERVED
+CVE-2020-18414 (Stored cross site scripting (XSS) vulnerability in Chaoji CMS 
v2.18 th ...)
+       TODO: check
 CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in 
/index.php?admin-ma ...)
        TODO: check
 CVE-2020-18412
@@ -218923,8 +218944,8 @@ CVE-2020-18406 (An issue was discovered in cmseasy 
v7.0.0 that allows user crede
        TODO: check
 CVE-2020-18405
        RESERVED
-CVE-2020-18404
-       RESERVED
+CVE-2020-18404 (An issue was discovered in espcms version P8.18101601. There 
is a cros ...)
+       TODO: check
 CVE-2020-18403
        RESERVED
 CVE-2020-18402



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12137f1492066b3efafcf229bbe534e7e4c0e54a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12137f1492066b3efafcf229bbe534e7e4c0e54a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to