[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 28 21:12:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1eee7b0d by security tracker role at 2023-05-28T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu You ...)
+ TODO: check
+CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...)
+ TODO: check
+CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
+ TODO: check
+CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...)
+ TODO: check
+CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in Ev ...)
+ TODO: check
+CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
+ TODO: check
+CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
+ TODO: check
+CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, ...)
+ TODO: check
+CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plu ...)
+ TODO: check
+CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP ...)
+ TODO: check
+CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome ...)
+ TODO: check
+CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...)
+ TODO: check
+CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormB ...)
+ TODO: check
+CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
+ TODO: check
+CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose ...)
+ TODO: check
+CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank ...)
+ TODO: check
+CVE-2015-10106 (A vulnerability classified as critical was found in mback2k mh_httpbl ...)
+ TODO: check
+CVE-2014-125101 (A vulnerability classified as critical has been found in Portfolio Gal ...)
+ TODO: check
CVE-2023-2951 (A vulnerability classified as critical has been found in code-projects ...)
NOT-FOR-US: Bus Dispatch and Information System
CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr prior to 7 ...)
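Review bot: All 19 entries added at the top of data/CVE/list carry only "TODO: check", so none of them has a disposition yet (a package line or NOT-FOR-US), and the descriptions are cut at "...", mostly before the affected product is fully named. Triage will need the full CVE text rather than this line. Also worth confirming that CVE-2015-10106 and CVE-2014-125101 are meant to sit above CVE-2023-2951, since the rest of the visible file runs in descending ID order.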
@@ -2586,6 +2624,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions
CVE-2023-2256
RESERVED
CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
+ {DSA-5415-1}
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
CVE-2023-2254
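Review bot: The {DSA-5415-1} tag on CVE-2023-2255 is added with no other change to the entry, which still shows only "- libreoffice 4:7.4.5-3". Please confirm that the DSA-5415-1 record itself lists this CVE, so the cross-reference resolves in both directions. The same check applies to the identical tag added under CVE-2023-0950 later in this commit.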
@@ -9392,8 +9431,8 @@ CVE-2023-28787
RESERVED
CVE-2023-28786
RESERVED
-CVE-2023-28785
- RESERVED
+CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-28784
RESERVED
CVE-2023-28783
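Review bot: CVE-2023-28785 leaves RESERVED with a description that is truncated at "vulnerability i ...", before any product name, so the entry cannot be classified from this line alone. The "TODO: check" should be resolved against the full CVE description.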
@@ -16836,6 +16875,7 @@ CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3
CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
NOT-FOR-US: Devolutions Server
CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...)
+ {DSA-5415-1}
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
@@ -62323,8 +62363,8 @@ CVE-2022-36352
RESERVED
CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-36345
- RESERVED
+CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
+ TODO: check
CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin <= ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
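Review bot: CVE-2022-36345 is set to "TODO: check" while its neighbours CVE-2022-36347 and CVE-2022-35726 are already marked "NOT-FOR-US: WordPress plugin". If the Metagauss Download ... product turns out to be a WordPress plugin as well, this entry should get the same disposition for consistency.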
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1eee7b0d869572f4fb05ec64b41a6b49066be99e