Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
251023d6 by Moritz Mühlenhoff at 2023-05-28T22:52:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian 
Popescu You ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Easy Goog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WooComme ...)
-       TODO: check
+       NOT-FOR-US: WooCommerce plugin
 CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) 
vulnerability in Ev ...)
-       TODO: check
+       NOT-FOR-US: EventPrime plugin
 CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WooComme ...)
-       TODO: check
+       NOT-FOR-US: WooCommerce plugin
 CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
WooComm ...)
-       TODO: check
+       NOT-FOR-US: WooCommerce plugin
 CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen 
Darlington, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
BEAR plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThemeinProgress WIP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Awesome  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in gVec ...)
-       TODO: check
+       NOT-FOR-US: WooCommerce plugin
 CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock 
JetFormB ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Andr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Nose ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
One Rank ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2015-10106 (A vulnerability classified as critical was found in mback2k 
mh_httpbl  ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2014-125101 (A vulnerability classified as critical has been found in 
Portfolio Gal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-2951 (A vulnerability classified as critical has been found in 
code-projects ...)
        NOT-FOR-US: Bus Dispatch and Information System
 CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr 
prior to 7 ...)
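
Review bot: The NOT-FOR-US reasons in this hunk are written at three levels of detail for what reads as one class of software. Most entries say "WordPress plugin", four say "WooCommerce plugin" (CVE-2023-33332, CVE-2023-33319, CVE-2023-33316, CVE-2023-33216), and CVE-2023-33326 says "EventPrime plugin", which names the product but not the platform it plugs into. Picking one convention, for example the platform first and the product after it, would let a later search over data/CVE/list find every entry of the same ecosystem with one pattern. The same applies to "Typo3 extension" on CVE-2015-10106, where the upstream spelling is TYPO3.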
@@ -75,40 +75,40 @@ CVE-2023-33195 (Craft is a CMS for creating custom digital 
experiences on the we
 CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the 
web.The  ...)
        NOT-FOR-US: Craft CMS
 CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does 
not val ...)
-       TODO: check
+       NOT-FOR-US: ntpd-rs
 CVE-2023-33188 (Omni-notes is an open source note-taking application for 
Android. The  ...)
-       TODO: check
+       NOT-FOR-US: Omni-notes
 CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. 
Highlight ...)
-       TODO: check
+       NOT-FOR-US: Highlight (different from src:highlight)
 CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack 
allowed ...)
        NOT-FOR-US: Nextcloud Mail
 CVE-2023-32688 (parse-server-push-adapter is the official Push Notification 
adapter fo ...)
-       TODO: check
+       NOT-FOR-US: parse-server-push-adapter
 CVE-2023-32686 (Kiwi TCMS is an open source test management system for both 
manual and ...)
        NOT-FOR-US: Kiwi TCMS
 CVE-2023-32676 (Autolab is a course management service that enables 
auto-graded progra ...)
-       TODO: check
+       NOT-FOR-US: Autolab
 CVE-2023-32325 (PostHog-js is a library to interface with the PostHog 
analytics tool.  ...)
-       TODO: check
+       NOT-FOR-US: PostHog-js
 CVE-2023-32321 (CKAN is an open-source data management system for powering 
data hubs a ...)
-       TODO: check
+       NOT-FOR-US: CKAN
 CVE-2023-32319 (Nextcloud server is an open source personal cloud 
implementation. Miss ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-32317 (Autolab is a course management service that enables 
auto-graded progra ...)
-       TODO: check
+       NOT-FOR-US: Autolab
 CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In 
affecte ...)
-       TODO: check
+       NOT-FOR-US: CloudExplorer Lite
 CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source 
Apache Licen ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2023-32311 (CloudExplorer Lite is an open source cloud management 
platform. In Clo ...)
-       TODO: check
+       NOT-FOR-US: CloudExplorer Lite
 CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
        - sofia-sip <unfixed> (bug #1036847)
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
        NOTE: https://github.com/freeswitch/sofia-sip/pull/214
        NOTE: Fixed by: 
https://github.com/freeswitch/sofia-sip/commit/c3bbc50c88d168065de34ca01b9b1d98c1b0e810
 (v1.13.15)
 CVE-2023-2924 (A vulnerability, which was classified as critical, has been 
found in S ...)
-       TODO: check
+       NOT-FOR-US: Supcon SimField
 CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 
US_AC6V1 ...)
        NOT-FOR-US: Tenda
 CVE-2023-2922 (A vulnerability classified as problematic has been found in 
SourceCode ...)
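
Review bot: Several entries in this hunk are marked NOT-FOR-US by bare project name (ntpd-rs on CVE-2023-33192, CKAN on CVE-2023-32321, PostHog-js on CVE-2023-32325) without the kind of disambiguation given to CVE-2023-33187, "Highlight (different from src:highlight)". The unchanged context shows the alternative form for software that is not packaged but has a packaging bug: "- nextcloud-server <itp> (bug #941708)" on CVE-2023-32319. It would be worth confirming that none of the newly marked projects has an open ITP or RFP, and using the <itp> form with the bug number where one does, since a NOT-FOR-US entry is not revisited when the package later enters the archive.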



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/251023d68e37771fa5dcd40911e51ad47c53608a



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
