[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 28 21:53:21 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
251023d6 by Moritz Mühlenhoff at 2023-05-28T22:52:53+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,41 +1,41 @@
 CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu You ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in Ev ...)
-	TODO: check
+	NOT-FOR-US: EventPrime plugin
 CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormB ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2015-10106 (A vulnerability classified as critical was found in mback2k mh_httpbl  ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2014-125101 (A vulnerability classified as critical has been found in Portfolio Gal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2951 (A vulnerability classified as critical has been found in code-projects ...)
 	NOT-FOR-US: Bus Dispatch and Information System
 CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr prior to 7 ...)
@@ -75,40 +75,40 @@ CVE-2023-33195 (Craft is a CMS for creating custom digital experiences on the we
 CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the web.The  ...)
 	NOT-FOR-US: Craft CMS
 CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not val ...)
-	TODO: check
+	NOT-FOR-US: ntpd-rs
 CVE-2023-33188 (Omni-notes is an open source note-taking application for Android. The  ...)
-	TODO: check
+	NOT-FOR-US: Omni-notes
 CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. Highlight ...)
-	TODO: check
+	NOT-FOR-US: Highlight (different from src:highlight)
 CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed ...)
 	NOT-FOR-US: Nextcloud Mail
 CVE-2023-32688 (parse-server-push-adapter is the official Push Notification adapter fo ...)
-	TODO: check
+	NOT-FOR-US: parse-server-push-adapter
 CVE-2023-32686 (Kiwi TCMS is an open source test management system for both manual and ...)
 	NOT-FOR-US: Kiwi TCMS
 CVE-2023-32676 (Autolab is a course management service that enables auto-graded progra ...)
-	TODO: check
+	NOT-FOR-US: Autolab
 CVE-2023-32325 (PostHog-js is a library to interface with the PostHog analytics tool.  ...)
-	TODO: check
+	NOT-FOR-US: PostHog-js
 CVE-2023-32321 (CKAN is an open-source data management system for powering data hubs a ...)
-	TODO: check
+	NOT-FOR-US: CKAN
 CVE-2023-32319 (Nextcloud server is an open source personal cloud implementation. Miss ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2023-32317 (Autolab is a course management service that enables auto-graded progra ...)
-	TODO: check
+	NOT-FOR-US: Autolab
 CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In affecte ...)
-	TODO: check
+	NOT-FOR-US: CloudExplorer Lite
 CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...)
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...)
-	TODO: check
+	NOT-FOR-US: CloudExplorer Lite
 CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
 	- sofia-sip <unfixed> (bug #1036847)
 	NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
 	NOTE: https://github.com/freeswitch/sofia-sip/pull/214
 	NOTE: Fixed by: https://github.com/freeswitch/sofia-sip/commit/c3bbc50c88d168065de34ca01b9b1d98c1b0e810 (v1.13.15)
 CVE-2023-2924 (A vulnerability, which was classified as critical, has been found in S ...)
-	TODO: check
+	NOT-FOR-US: Supcon SimField
 CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 US_AC6V1 ...)
 	NOT-FOR-US: Tenda
 CVE-2023-2922 (A vulnerability classified as problematic has been found in SourceCode ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/251023d68e37771fa5dcd40911e51ad47c53608a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/251023d68e37771fa5dcd40911e51ad47c53608a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230528/512518f0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list