Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7752f3af by security tracker role at 2023-06-20T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to
authorization ...)
+ TODO: check
+CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1
and ear ...)
+ TODO: check
+CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
EventPri ...)
+ TODO: check
+CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Vady ...)
+ TODO: check
+CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain
a cross- ...)
+ TODO: check
+CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are
vulnerable t ...)
+ TODO: check
CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management
System 1 ...)
NOT-FOR-US: SourceCodester Resort Management System
CVE-2023-3317 [wifi: mt76: mt7921: Fix use-after-free in fw features query]
@@ -19169,26 +19185,26 @@ CVE-2023-26437 (Denial of service vulnerability in
PowerDNS Recursor allows auth
NOTE:
https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989
(rec-4.6.6)
NOTE:
https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8
(rec-4.7.5)
NOTE:
https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f
(rec-4.8.4)
-CVE-2023-26436
- RESERVED
-CVE-2023-26435
- RESERVED
-CVE-2023-26434
- RESERVED
-CVE-2023-26433
- RESERVED
-CVE-2023-26432
- RESERVED
-CVE-2023-26431
- RESERVED
+CVE-2023-26436 (Attackers with access to the "documentconverterws" API were
able to in ...)
+ TODO: check
+CVE-2023-26435 (It was possible to call filesystem and network references
using the lo ...)
+ TODO: check
+CVE-2023-26434 (When adding an external mail account, processing of POP3
"capabilities ...)
+ TODO: check
+CVE-2023-26433 (When adding an external mail account, processing of IMAP
"capabilities ...)
+ TODO: check
+CVE-2023-26432 (When adding an external mail account, processing of SMTP
"capabilities ...)
+ TODO: check
+CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local"
by the co ...)
+ TODO: check
CVE-2023-26430
RESERVED
-CVE-2023-26429
- RESERVED
-CVE-2023-26428
- RESERVED
-CVE-2023-26427
- RESERVED
+CVE-2023-26429 (Control characters were not removed when exporting user
feedback conte ...)
+ TODO: check
+CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs,
including E- ...)
+ TODO: check
+CVE-2023-26427 (Default permissions for a properties file were too permissive.
Local s ...)
+ TODO: check
CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and
20.005.30 ...)
@@ -23066,7 +23082,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a
critical injection vulnerab
CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All
versions < ...)
NOT-FOR-US: Siemens
CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient
random bytes in HTTP Digest authentication for SOAP]
- {DSA-5425-1 DSA-5424-1}
+ {DSA-5425-1 DSA-5424-1 DLA-3458-1}
- php8.2 8.2.7-1
- php7.4 <removed>
- php7.3 <removed>
@@ -30103,6 +30119,7 @@ CVE-2023-0118
CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and
<= 2.1 ...)
- check-mk <removed>
CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or
.gz exten ...)
+ {DLA-3459-1}
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
@@ -30153,11 +30170,13 @@ CVE-2022-48231 (In soter service, there is a possible
missing permission check.
CVE-2022-48230 (There is a misinterpretation of input vulnerability in
BiSheng-WNM FW ...)
NOT-FOR-US: Huawei
CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a
file with ...)
+ {DLA-3459-1}
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
NOTE:
https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8
(libXpm-3.5.15)
CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width
of 0 and ...)
+ {DLA-3459-1}
- libxpm 1:3.5.12-1.1
[bullseye] - libxpm 1:3.5.12-1.1~deb11u1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
@@ -129857,6 +129876,7 @@ CVE-2021-41459 (There is a stack buffer overflow in
MP4Box v1.0.1 at src/filters
NOTE: https://github.com/gpac/gpac/issues/1912
NOTE: Fixed by:
https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
(v2.0.0)
CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at
src/utils/e ...)
+ {DSA-5411-1}
- gpac 2.0.0+dfsg1-2
[bullseye] - gpac <no-dsa> (Minor issue)
[buster] - gpac <end-of-life> (EOL in buster LTS)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7752f3afdf951214131e7fc2fd1516e42d78f33f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7752f3afdf951214131e7fc2fd1516e42d78f33f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
