[Git][security-tracker-team/security-tracker][master] automatic update

Tue Jun 20 09:12:11 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7752f3af by security tracker role at 2023-06-20T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization  ...)
+	TODO: check
+CVE-2023-3320 (The WP Sticky Social  plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...)
+	TODO: check
+CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...)
+	TODO: check
+CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vady ...)
+	TODO: check
+CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross- ...)
+	TODO: check
+CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable t ...)
+	TODO: check
 CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management System 1 ...)
 	NOT-FOR-US: SourceCodester Resort Management System
 CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
@@ -19169,26 +19185,26 @@ CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows auth
 	NOTE: https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989 (rec-4.6.6)
 	NOTE: https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8 (rec-4.7.5)
 	NOTE: https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f (rec-4.8.4)
-CVE-2023-26436
-	RESERVED
-CVE-2023-26435
-	RESERVED
-CVE-2023-26434
-	RESERVED
-CVE-2023-26433
-	RESERVED
-CVE-2023-26432
-	RESERVED
-CVE-2023-26431
-	RESERVED
+CVE-2023-26436 (Attackers with access to the "documentconverterws" API were able to in ...)
+	TODO: check
+CVE-2023-26435 (It was possible to call filesystem and network references using the lo ...)
+	TODO: check
+CVE-2023-26434 (When adding an external mail account, processing of POP3 "capabilities ...)
+	TODO: check
+CVE-2023-26433 (When adding an external mail account, processing of IMAP "capabilities ...)
+	TODO: check
+CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabilities ...)
+	TODO: check
+CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...)
+	TODO: check
 CVE-2023-26430
 	RESERVED
-CVE-2023-26429
-	RESERVED
-CVE-2023-26428
-	RESERVED
-CVE-2023-26427
-	RESERVED
+CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...)
+	TODO: check
+CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...)
+	TODO: check
+CVE-2023-26427 (Default permissions for a properties file were too permissive. Local s ...)
+	TODO: check
 CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are  ...)
 	NOT-FOR-US: Adobe
 CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
@@ -23066,7 +23082,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerab
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP]
-	{DSA-5425-1 DSA-5424-1}
+	{DSA-5425-1 DSA-5424-1 DLA-3458-1}
 	- php8.2 8.2.7-1
 	- php7.4 <removed>
 	- php7.3 <removed>
@@ -30103,6 +30119,7 @@ CVE-2023-0118
 CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1 ...)
 	- check-mk <removed>
 CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...)
+	{DLA-3459-1}
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
@@ -30153,11 +30170,13 @@ CVE-2022-48231 (In soter service, there is a possible missing permission check.
 CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW  ...)
 	NOT-FOR-US: Huawei
 CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
+	{DLA-3459-1}
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
 CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...)
+	{DLA-3459-1}
 	- libxpm 1:3.5.12-1.1
 	[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
@@ -129857,6 +129876,7 @@ CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters
 	NOTE: https://github.com/gpac/gpac/issues/1912
 	NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0)
 CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...)
+	{DSA-5411-1}
 	- gpac 2.0.0+dfsg1-2
 	[bullseye] - gpac <no-dsa> (Minor issue)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7752f3afdf951214131e7fc2fd1516e42d78f33f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7752f3afdf951214131e7fc2fd1516e42d78f33f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230620/c12537e3/attachment.htm>
