Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a113fb06 by Salvatore Bonaccorso at 2023-05-08T22:35:47+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,13 @@ CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.) TODO: check CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...) - TODO: check + NOT-FOR-US: Strikingly CMS CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) NOT-FOR-US: OpenEMR CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API ...) @@ -1596,7 +1596,7 @@ CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for J CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and pri ...) NOT-FOR-US: eDEX-UI CVE-2023-30855 (Pimcore is an open source data and experience management platform. Ver ...) - TODO: check + NOT-FOR-US: Pimcore CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4, an OS ...) NOT-FOR-US: AVideo CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in their Gi ...) 
@@ -3814,7 +3814,7 @@ CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flo CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking Foundation O ...) NOT-FOR-US: Open Network Operating System (ONOS) CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL ...) - TODO: check + NOT-FOR-US: SourceCodester Online Pizza Ordering System CVE-2023-30091 RESERVED CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vu ...) @@ -3960,7 +3960,7 @@ CVE-2023-30021 CVE-2023-30020 RESERVED CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) ...) - TODO: check + NOT-FOR-US: imgproxy CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. via /ph ...) NOT-FOR-US: Judging Management System CVE-2023-30017 @@ -4644,13 +4644,13 @@ CVE-2023-29698 CVE-2023-29697 RESERVED CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) - TODO: check + NOT-FOR-US: H3C CVE-2023-29695 RESERVED CVE-2023-29694 RESERVED CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) - TODO: check + NOT-FOR-US: H3C CVE-2023-29692 RESERVED CVE-2023-29691 @@ -8572,7 +8572,7 @@ CVE-2023-28495 CVE-2023-28494 RESERVED CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) - TODO: check + NOT-FOR-US: Wordpress theme CVE-2023-28492 RESERVED CVE-2023-28491 @@ -9716,7 +9716,7 @@ CVE-2023-28171 CVE-2023-28170 RESERVED CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-28168 RESERVED CVE-2023-28167 
@@ -17802,7 +17802,7 @@ CVE-2023-25454 CVE-2023-25453 RESERVED CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...) NOT-FOR-US: WordPress plugin CVE-2023-25450 @@ -18747,7 +18747,7 @@ CVE-2023-25054 CVE-2023-25053 RESERVED CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25051 RESERVED CVE-2023-25050 @@ -20808,7 +20808,7 @@ CVE-2023-24410 CVE-2023-24409 RESERVED CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-24407 RESERVED CVE-2023-24406 @@ -22807,7 +22807,7 @@ CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in CVE-2023-23669 RESERVED CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23667 RESERVED CVE-2023-23666 @@ -31040,11 +31040,11 @@ CVE-2022-47441 CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...) NOT-FOR-US: WordPress plugin CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpD ...) NOT-FOR-US: WordPress plugin CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-47436 RESERVED CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...) 
@@ -32985,7 +32985,7 @@ CVE-2022-46801 CVE-2022-46800 RESERVED CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...) NOT-FOR-US: WordPress plugin CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-o ...) @@ -36009,7 +36009,7 @@ CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Al CVE-2022-45813 RESERVED CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45811 RESERVED CVE-2022-45810 @@ -38349,7 +38349,7 @@ CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability inDevsCred Exclu CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...) NOT-FOR-US: WordPress plugin CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the RequestDisp ...) NOT-FOR-US: Apache Sling CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...) @@ -157044,9 +157044,9 @@ CVE-2021-29001 CVE-2021-29000 RESERVED CVE-2021-28999 (SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows r ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2021-28998 (File upload vulnerability in CMS Made Simple through 2.2.15 allows rem ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2021-28997 RESERVED CVE-2021-28996 
@@ -175631,7 +175631,7 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remo NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3 CVE-2020-36065 (Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows a ...) - TODO: check + NOT-FOR-US: FlyCms CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...) NOT-FOR-US: Online Course Registration CVE-2020-36063 @@ -201318,7 +201318,7 @@ CVE-2020-23968 (Ilex International Sign&go Workstation Security Suite 7.1 allows CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege ...) NOT-FOR-US: Dr.Web Security Space CVE-2020-23966 (SQL Injection vulnerability in victor cms 1.0 allows attackers to exec ...) - TODO: check + NOT-FOR-US: victor cms CVE-2020-23965 RESERVED CVE-2020-23964 @@ -203874,7 +203874,7 @@ CVE-2020-22757 CVE-2020-22756 RESERVED CVE-2020-22755 (File upload vulnerability in MCMS 5.0 allows attackers to execute arbi ...) - TODO: check + NOT-FOR-US: MCMS CVE-2020-22754 RESERVED CVE-2020-22753 @@ -204763,7 +204763,7 @@ CVE-2020-22336 CVE-2020-22335 RESERVED CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows a ...) - TODO: check + NOT-FOR-US: beescms CVE-2020-22333 RESERVED CVE-2020-22332 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a113fb0647d5f96e0747797a23738c38d988067e
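Review bot: In the hunk at @@ -8572,7 +8572,7 @@ the new tag for CVE-2023-28493 is spelled "NOT-FOR-US: Wordpress theme", while every other WordPress entry this patch adds, and the unchanged context entries around them, use "WordPress" with a capital P. Suggest "NOT-FOR-US: WordPress theme" so that a case-sensitive search of data/CVE/list for the usual spelling also finds this entry.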
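Review bot: The tags added for CVE-2023-2575, CVE-2023-2574 and CVE-2023-2573 in the first hunk name only the vendor ("NOT-FOR-US: Advantech"), and the same holds for "NOT-FOR-US: H3C" on CVE-2023-29696 and CVE-2023-29693 at @@ -4644,13 +4644,13 @@, whereas context entries elsewhere in the file name the product ("Open Network Operating System (ONOS)", "Dr.Web Security Space"). Suggest carrying the product over from the descriptions, for example "NOT-FOR-US: Advantech EKI devices" and "NOT-FOR-US: H3C GR-1200W", so that a later CVE for a different product from the same vendor is not matched against these entries by name alone.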