[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 28 May 2023 13:12:35 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
1eee7b0d by security tracker role at 2023-05-28T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian 
Popescu You ...)
+       TODO: check
+CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Easy Goog ...)
+       TODO: check
+CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WooComme ...)
+       TODO: check
+CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Plug ...)
+       TODO: check
+CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) 
vulnerability in Ev ...)
+       TODO: check
+CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WooComme ...)
+       TODO: check
+CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
WooComm ...)
+       TODO: check
+CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen 
Darlington, ...)
+       TODO: check
+CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 
BEAR plu ...)
+       TODO: check
+CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in 
ThemeinProgress WIP ...)
+       TODO: check
+CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Awesome  ...)
+       TODO: check
+CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in gVec ...)
+       TODO: check
+CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock 
JetFormB ...)
+       TODO: check
+CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Andr ...)
+       TODO: check
+CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Nose ...)
+       TODO: check
+CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
One Rank ...)
+       TODO: check
+CVE-2015-10106 (A vulnerability classified as critical was found in mback2k 
mh_httpbl  ...)
+       TODO: check
+CVE-2014-125101 (A vulnerability classified as critical has been found in 
Portfolio Gal ...)
+       TODO: check
 CVE-2023-2951 (A vulnerability classified as critical has been found in 
code-projects ...)
        NOT-FOR-US: Bus Dispatch and Information System
 CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr 
prior to 7 ...)
@@ -2586,6 +2624,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business 
integration in Devolutions
 CVE-2023-2256
        RESERVED
 CVE-2023-2255 (Improper access control in editor components of The Document 
Foundatio ...)
+       {DSA-5415-1}
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254
@@ -9392,8 +9431,8 @@ CVE-2023-28787
        RESERVED
 CVE-2023-28786
        RESERVED
-CVE-2023-28785
-       RESERVED
+CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-28784
        RESERVED
 CVE-2023-28783
@@ -16836,6 +16875,7 @@ CVE-2023-0952 (Improper access controls on entries in 
Devolutions Server  2022.3
 CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions 
Server 2 ...)
        NOT-FOR-US: Devolutions Server
 CVE-2023-0950 (Improper Validation of Array Index vulnerability in the 
spreadsheet co ...)
+       {DSA-5415-1}
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
modoboa/mo ...)
@@ -62323,8 +62363,8 @@ CVE-2022-36352
        RESERVED
 CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-36345
-       RESERVED
+CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss 
Download  ...)
+       TODO: check
 CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery 
plugin <=  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) 
vulnerability ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eee7b0d869572f4fb05ec64b41a6b49066be99e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eee7b0d869572f4fb05ec64b41a6b49066be99e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to