[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 28 09:12:29 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12137f14 by security tracker role at 2023-06-28T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...)
+	TODO: check
+CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS Command vuln ...)
+	TODO: check
+CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+	TODO: check
+CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...)
+	TODO: check
+CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...)
+	TODO: check
+CVE-2023-3327
+	REJECTED
+CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...)
+	TODO: check
+CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 ...)
+	TODO: check
+CVE-2022-48505 (This issue was addressed with improved data protection. This issue is  ...)
+	TODO: check
 CVE-2023-3397 [fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions]
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz.wz@163.com/
@@ -11183,8 +11205,8 @@ CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll S
 	NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1845 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Online Payroll System
-CVE-2023-1844
-	RESERVED
+CVE-2023-1844 (The Subscribe2 plugin for WordPress is vulnerable to unauthorized acce ...)
+	TODO: check
 CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1842
@@ -20851,8 +20873,8 @@ CVE-2023-26136
 	RESERVED
 CVE-2023-26135
 	RESERVED
-CVE-2023-26134
-	RESERVED
+CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...)
+	TODO: check
 CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...)
 	TODO: check
 CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
@@ -24337,10 +24359,10 @@ CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is
 	TODO: check
 CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...)
 	TODO: check
-CVE-2023-25002
-	RESERVED
-CVE-2023-25001
-	RESERVED
+CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to trigger ...)
+	TODO: check
+CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be ...)
+	TODO: check
 CVE-2023-0634
 	REJECTED
 CVE-2023-0633
@@ -79839,8 +79861,7 @@ CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handl
 	- webkit2gtk 2.38.0-1
 	- wpewebkit 2.38.0-1
 	NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
-CVE-2022-32885
-	REJECTED
+CVE-2022-32885 (A memory corruption issue was addressed with improved validation. This ...)
 	{DSA-5397-1 DSA-5396-1 DLA-3419-1}
 	- webkit2gtk 2.40.1-1
 	- wpewebkit 2.38.6-1
@@ -218903,8 +218924,8 @@ CVE-2020-18416 (An cross site request forgery (CSRF) vulnerability discovered in
 	TODO: check
 CVE-2020-18415
 	RESERVED
-CVE-2020-18414
-	RESERVED
+CVE-2020-18414 (Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 th ...)
+	TODO: check
 CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in /index.php?admin-ma ...)
 	TODO: check
 CVE-2020-18412
@@ -218923,8 +218944,8 @@ CVE-2020-18406 (An issue was discovered in cmseasy v7.0.0 that allows user crede
 	TODO: check
 CVE-2020-18405
 	RESERVED
-CVE-2020-18404
-	RESERVED
+CVE-2020-18404 (An issue was discovered in espcms version P8.18101601. There is a cros ...)
+	TODO: check
 CVE-2020-18403
 	RESERVED
 CVE-2020-18402



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12137f1492066b3efafcf229bbe534e7e4c0e54a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12137f1492066b3efafcf229bbe534e7e4c0e54a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230628/52992fb6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list